[2006/11/08 12:11:52, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006 [2006/11/08 12:11:52, 5] auth/auth_util.c:make_user_info_map(160) make_user_info_map: Mapping user [lab-rr]\[wwwutz] from workstation [WALDI] [2006/11/08 12:11:52, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = TDOMCACHE/TIMESTAMP, value = 1162983779, timeout = Wed Nov 8 12:12:59 2006 [2006/11/08 12:11:52, 10] libsmb/trustdom_cache.c:update_trustdom_cache(326) update_trustdom_cache: not time to update trustdom_cache yet [2006/11/08 12:11:52, 10] lib/gencache.c:gencache_get(312) Cache entry with key = TDOM/LAB-RR couldn't be found [2006/11/08 12:11:52, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain lab-rr found. 
[2006/11/08 12:11:52, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for wwwutz (wwwutz) [2006/11/08 12:11:52, 5] auth/auth_util.c:make_user_info(85) making strings for wwwutz's user_info struct [2006/11/08 12:11:52, 5] auth/auth_util.c:make_user_info(117) making blobs for wwwutz's user_info struct [2006/11/08 12:11:52, 10] auth/auth_util.c:make_user_info(135) made an encrypted user_info for wwwutz (wwwutz) [2006/11/08 12:11:52, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [lab-rr]\[wwwutz]@[WALDI] with the new password interface [2006/11/08 12:11:52, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [LAB-RR]\[wwwutz]@[WALDI] [2006/11/08 12:11:52, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2006/11/08 12:11:52, 10] auth/auth.c:check_ntlm_password(235) challenge is: [2006/11/08 12:11:52, 5] lib/util.c:dump_data(2215) [000] 32 D9 42 61 11 F7 C6 F3 2.Ba.... 
[2006/11/08 12:11:52, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: guest had nothing to say [2006/11/08 12:11:52, 8] lib/util.c:is_myname(2036) is_myname("LAB-RR") returns 0 [2006/11/08 12:11:52, 6] auth/auth_sam.c:check_samstrict_security(412) check_samstrict_security: LAB-RR is not one of my local names (ROLE_DOMAIN_MEMBER) [2006/11/08 12:11:52, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: sam had nothing to say [2006/11/08 12:11:52, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:52, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:52, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:52, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:52, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:52, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:52, 8] libsmb/namequery.c:get_sorted_dc_list(1550) get_sorted_dc_list: attempting lookup using [lmhosts wins host bcast] [2006/11/08 12:11:52, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = SAF/DOMAIN/LAB-RR, value = ESKUELL, timeout = Wed Nov 8 12:23:09 2006 [2006/11/08 12:11:52, 5] libsmb/namequery.c:saf_fetch(107) saf_fetch: Returning "ESKUELL" for "LAB-RR" domain [2006/11/08 12:11:52, 3] libsmb/namequery.c:get_dc_list(1426) get_dc_list: preferred server list: "ESKUELL, *" [2006/11/08 12:11:52, 10] libsmb/namequery.c:internal_resolve_name(1132) internal_resolve_name: looking up LAB-RR#1c [2006/11/08 12:11:52, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = NBT/LAB-RR#1C, value = 141.14.16.97:0,141.14.17.120:0,141.14.17.130:0,141.14.19.244:0, timeout = Wed Nov 8 12:13:59 2006 [2006/11/08 12:11:52, 5] 
libsmb/namecache.c:namecache_fetch(201) name LAB-RR#1C found. [2006/11/08 12:11:52, 8] libsmb/namequery.c:get_dc_list(1441) Adding 4 DC's from auto lookup [2006/11/08 12:11:52, 10] libsmb/namequery.c:internal_resolve_name(1132) internal_resolve_name: looking up ESKUELL#20 [2006/11/08 12:11:52, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = NBT/ESKUELL#20, value = 141.14.16.97:0, timeout = Wed Nov 8 12:13:59 2006 [2006/11/08 12:11:52, 5] libsmb/namecache.c:namecache_fetch(201) name ESKUELL#20 found. [2006/11/08 12:11:52, 10] libsmb/namequery.c:remove_duplicate_addrs2(408) remove_duplicate_addrs2: looking for duplicate address/port pairs [2006/11/08 12:11:52, 4] libsmb/namequery.c:get_dc_list(1528) get_dc_list: returning 4 ip addresses in an ordered list [2006/11/08 12:11:52, 4] libsmb/namequery.c:get_dc_list(1530) get_dc_list: 141.14.16.97:0 141.14.17.120:0 141.14.17.130:0 141.14.19.244:0 [2006/11/08 12:11:52, 10] libsmb/namequery.c:name_status_find(275) name_status_find: looking up LAB-RR#1c at 141.14.16.97 [2006/11/08 12:11:52, 10] lib/gencache.c:gencache_get(312) Cache entry with key = NBT/LAB-RR#1C.20.141.14.16.97 couldn't be found [2006/11/08 12:11:52, 5] libsmb/namecache.c:namecache_status_fetch(308) namecache_status_fetch: no entry for NBT/LAB-RR#1C.20.141.14.16.97 found. 
[2006/11/08 12:11:52, 10] lib/gencache.c:gencache_del(218) Deleting cache entry (key = NBT/LAB-RR#1C.20.141.14.16.97) [2006/11/08 12:11:52, 10] lib/util_sock.c:open_socket_in(839) bind succeeded on port 0 [2006/11/08 12:11:52, 5] libsmb/nmblib.c:send_udp(776) Sending a packet of len 50 to (141.14.16.97) on port 137 [2006/11/08 12:11:52, 10] lib/util_sock.c:read_udp_socket(293) read_udp_socket: lastip 141.14.16.97 lastport 137 read: 301 [2006/11/08 12:11:52, 10] libsmb/nmblib.c:parse_nmb(506) parse_nmb: packet id = 26725 [2006/11/08 12:11:52, 5] libsmb/nmblib.c:read_packet(754) Received a packet of len 301 from (141.14.16.97) port 137 [2006/11/08 12:11:52, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from 141.14.16.97(137) header: id=26725 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=LAB-RR<1c> rr_type=33 rr_class=1 ttl=0 answers 0 char .ESKUELL hex 0A45534B55454C4C2020202020202020 answers 10 char .D.LAB-RR hex 0044004C41422D525220202020202020 answers 20 char ...LAB-RR hex 202000C4004C41422D52522020202020 answers 30 char ...ESKUELL hex 202020201CC40045534B55454C4C2020 answers 40 char D.LAB-RR hex 2020202020202044004C41422D525220 answers 50 char .D.ESKUE hex 20202020202020201B440045534B5545 answers 60 char LL .D.ADM hex 4C4C202020202020202003440041444D answers 70 char INISTRATOR .D.L hex 494E4953545241544F5220200344004C answers 80 char AB-RR .. hex 41422D52522020202020202020201EC4 answers 90 char .LAB-RR hex 004C41422D5252202020202020202020 answers a0 char .D...__MSBROWSE_ hex 1D440001025F5F4D5342524F5753455F answers b0 char _........]...... hex 5F0201C4000000F8025D840000000000 answers c0 char ................ hex 00000000000000000000000000000000 answers d0 char ................ hex 00000000000000000000000000000000 answers e0 char ... 
hex 000000 [2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) ESKUELL#00: flags = 0x44 [2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#00: flags = 0xc4 [2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1c: flags = 0xc4 [2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) ESKUELL#20: flags = 0x44 [2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1b: flags = 0x44 [2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) ESKUELL#03: flags = 0x44 [2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) ADMINISTRATOR#03: flags = 0x44 [2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1e: flags = 0xc4 [2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1d: flags = 0x44 [2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) __MSBROWSE__#01: flags = 0xc4 [2006/11/08 12:11:52, 10] libsmb/namequery.c:name_status_find(315) name_status_find: name found, name ESKUELL ip address is 141.14.16.97 [2006/11/08 12:11:52, 3] libsmb/namequery_dc.c:rpc_dc_name(116) rpc_dc_name: Returning DC ESKUELL (141.14.16.97) for domain LAB-RR [2006/11/08 12:11:52, 10] passdb/secrets.c:secrets_named_mutex(779) secrets_named_mutex: got mutex for ESKUELL [2006/11/08 12:11:52, 3] libsmb/cliconnect.c:cli_start_connection(1417) Connecting to host=ESKUELL [2006/11/08 12:11:52, 3] lib/util_sock.c:open_socket_out(874) Connecting to 141.14.16.97 at port 445 [2006/11/08 12:11:52, 2] lib/util_sock.c:open_socket_out(910) error connecting to 141.14.16.97:445 (Connection refused) [2006/11/08 12:11:52, 3] lib/util_sock.c:open_socket_out(874) Connecting to 141.14.16.97 at port 139 [2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 0 [2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 0 [2006/11/08 12:11:52, 5] 
lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 4 [2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 8 [2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEPORT = 0 [2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 33580 [2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 33580 [2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1460 [2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,72) [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,72) wrote 72 [2006/11/08 12:11:52, 5] libsmb/cliconnect.c:cli_session_request(1262) Sent session request [2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 0 [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 [2006/11/08 12:11:52, 6] 
libsmb/clientgen.c:write_socket(132) write_socket(17,183) [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,183) wrote 183 [2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 91 [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=91 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=7198 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=65283 (0xFF03) smb_vwv[ 2]= 257 (0x101) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 17 (0x11) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 67 (0x43) smb_vwv[11]=53248 (0xD000) smb_vwv[12]=58492 (0xE47C) smb_vwv[13]= 9947 (0x26DB) smb_vwv[14]=50947 (0xC703) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 2303 (0x8FF) smb_bcc=22 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 0B 57 DB 64 BB 57 6D FA 4C 00 41 00 42 00 2D 00 .W.d.Wm. L.A.B.-. [010] 52 00 52 00 00 00 R.R... [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=91 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=7198 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=65283 (0xFF03) smb_vwv[ 2]= 257 (0x101) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 17 (0x11) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 67 (0x43) smb_vwv[11]=53248 (0xD000) smb_vwv[12]=58492 (0xE47C) smb_vwv[13]= 9947 (0x26DB) smb_vwv[14]=50947 (0xC703) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 2303 (0x8FF) smb_bcc=22 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 0B 57 DB 64 BB 57 6D FA 4C 00 41 00 42 00 2D 00 .W.d.Wm. L.A.B.-. [010] 52 00 52 00 00 00 R.R... 
[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,92) [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,92) wrote 92 [2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=124 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=7198 smb_uid=4099 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 124 (0x7C) smb_vwv[ 2]= 0 (0x0) smb_bcc=83 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R [050] 00 00 00 ... [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=124 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=7198 smb_uid=4099 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 124 (0x7C) smb_vwv[ 2]= 0 (0x0) smb_bcc=83 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R [050] 00 00 00 ... 
[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,82) [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,82) wrote 82 [2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 48 [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 49 50 43 00 00 00 00 IPC.... [2006/11/08 12:11:52, 10] libsmb/clientgen.c:cli_init_creds(233) cli_init_creds: user domain [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,108) [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,108) wrote 108 [2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 768 (0x300) smb_vwv[ 3]= 264 (0x108) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) 
smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2040) Bind RPC Pipe[803]: \NETLOGON auth_type 0, auth_level 0 [2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... [2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00000000 [2006/11/08 12:11:52, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_contexts: 01 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c context_id : 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e num_transfer_syntaxes: 01 [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 12345678 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1234 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : abcd [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : ef 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 01 23 45 67 cf fb [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000001 [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 data : 8a885d04 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 data : 1ceb [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a data : 11c9 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003c data : 9f e8 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003e data : 08 00 2b 10 48 60 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 version: 00000002 [2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x803 [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) 
smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 2051 (0x803) smb_bcc=87 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,158) [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,158) wrote 158 [2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... [010] 00 B8 10 B8 10 33 79 06 00 0C 00 5C 50 49 50 45 .....3y. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... 
[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... [010] 00 B8 10 B8 10 33 79 06 00 0C 00 5C 50 49 50 45 .....3y. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 68 at offset 0 [2006/11/08 12:11:52, 10] 
rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x803 returned 68 bytes. [2006/11/08 12:11:52, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2077) rpc_pipe_bind: Remote machine ESKUELL pipe \NETLOGON fnum 0x803 bind request returned ok. [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00067933 [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 len: 000c [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a str: \PIPE\lsass. 
[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0028 num_results: 01 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002c result : 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002e reason : 0000 [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 data : 8a885d04 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0034 data : 1ceb [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0036 data : 11c9 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0038 data : 9f e8 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003a data : 08 00 2b 10 48 60 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 version: 00000002 [2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2270) cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine ESKUELL and bound anonymously. 
[2006/11/08 12:11:52, 4] passdb/secrets.c:secrets_fetch_trust_account_password(285) Using cleartext machine password [2006/11/08 12:11:52, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(45) cli_net_req_chal: LSA Request Challenge from WARTHOLE to \\ESKUELL [2006/11/08 12:11:52, 5] rpc_parse/parse_net.c:init_q_req_chal(679) init_q_req_chal: 679 [2006/11/08 12:11:52, 5] rpc_parse/parse_net.c:init_q_req_chal(688) init_q_req_chal: 688 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_req_chal [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer: 00000001 [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 0000000a [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 0000000a [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.E.S.K.U.E.L.L... [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_max_len: 00000009 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 offset : 00000000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c uni_str_len: 00000009 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0030 buffer : W.A.R.T.H.O.L.E... 
[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000042 smb_io_chal [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0042 data: ce 0b 62 ec 24 9f 25 4f [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0062 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000004a [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0004 [2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x803 [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 98 (0x62) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) 
smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 98 (0x62) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 2051 (0x803) smb_bcc=113 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 62 00 00 00 02 00 00 00 4A .......b .......J [020] 00 00 00 00 00 04 00 01 00 00 00 0A 00 00 00 00 ........ ........ [030] 00 00 00 0A 00 00 00 5C 00 5C 00 45 00 53 00 4B .......\ .\.E.S.K [040] 00 55 00 45 00 4C 00 4C 00 00 00 09 00 00 00 00 .U.E.L.L ........ [050] 00 00 00 09 00 00 00 57 00 41 00 52 00 54 00 48 .......W .A.R.T.H [060] 00 4F 00 4C 00 45 00 00 00 CE 0B 62 EC 24 9F 25 .O.L.E.. ...b.$.% [070] 4F O [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,184) [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,184) wrote 184 [2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 92 [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 62 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 b....... .$...... [010] 00 0C 00 00 00 00 00 00 00 65 67 46 A9 00 00 00 ........ .egF.... [020] 00 00 00 00 00 ..... 
[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 62 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 b....... .$...... [010] 00 0C 00 00 00 00 00 00 00 65 67 46 A9 00 00 00 ........ .egF.... [020] 00 00 00 00 00 ..... [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0024 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000000c [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:52, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 [2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 36 at offset 0 [2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x803 returned 24 bytes. [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_req_chal [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0000 data: 65 67 46 a9 00 00 00 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0008 status: NT_STATUS_OK [2006/11/08 12:11:52, 10] libsmb/credentials.c:creds_client_init(286) creds_client_init: neg_flags : 400701ff [2006/11/08 12:11:52, 10] libsmb/credentials.c:creds_client_init(287) creds_client_init: client chal : CE0B62EC249F254F [2006/11/08 12:11:52, 10] libsmb/credentials.c:creds_client_init(288) creds_client_init: server chal : 656746A900000000 [2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_init_64(117) creds_init_64 [2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_init_64(118) clnt_chal_in: CE0B62EC249F254F [2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_init_64(119) srv_chal_in : 656746A900000000 [2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_init_64(120) clnt+srv : 3373A895249F254F [2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_init_64(121) sess_key_out : A5265A73A6B9A3A4 [2006/11/08 12:11:52, 10] libsmb/credentials.c:creds_client_init(306) creds_client_init: clnt : B4ECD6436F1909A5 [2006/11/08 12:11:52, 10] libsmb/credentials.c:creds_client_init(307) creds_client_init: server : D35C4D9DEB7F5947 [2006/11/08 12:11:52, 10] 
libsmb/credentials.c:creds_client_init(308) creds_client_init: seed : B4ECD6436F1909A5 [2006/11/08 12:11:52, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(168) cli_net_auth2: srv:\\ESKUELL acct:WARTHOLE$ sc:2 mc: WARTHOLE neg: 400701ff [2006/11/08 12:11:52, 5] rpc_parse/parse_net.c:init_q_auth_2(800) init_q_auth_2: 800 [2006/11/08 12:11:52, 5] rpc_parse/parse_misc.c:init_log_info(1409) make_log_info 1409 [2006/11/08 12:11:52, 5] rpc_parse/parse_net.c:init_q_auth_2(806) init_q_auth_2: 806 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_auth_2 [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_log_info [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer: 00000001 [2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 0000000a [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 0000000a [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.E.S.K.U.E.L.L... [2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 unistr2 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_max_len: 0000000a [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 offset : 00000000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c uni_str_len: 0000000a [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0030 buffer : W.A.R.T.H.O.L.E.$... 
[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0044 sec_chan: 0002 [2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) 000046 smb_io_unistr2 unistr2 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 uni_max_len: 00000009 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c offset : 00000000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 uni_str_len: 00000009 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0054 buffer : W.A.R.T.H.O.L.E... [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000066 smb_io_chal [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0066 data: b4 ec d6 43 6f 19 09 a5 [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 00006e net_io_neg_flags [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0070 neg_flags: 400701ff [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 008c [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/11/08 12:11:52, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000074 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 000f [2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x803 [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=222 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 140 (0x8C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 140 (0x8C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 2051 (0x803) smb_bcc=155 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 8C 00 00 00 03 00 00 00 74 ........ .......t [020] 00 00 00 00 00 0F 00 01 00 00 00 0A 00 00 00 00 ........ ........ [030] 00 00 00 0A 00 00 00 5C 00 5C 00 45 00 53 00 4B .......\ .\.E.S.K [040] 00 55 00 45 00 4C 00 4C 00 00 00 0A 00 00 00 00 .U.E.L.L ........ [050] 00 00 00 0A 00 00 00 57 00 41 00 52 00 54 00 48 .......W .A.R.T.H [060] 00 4F 00 4C 00 45 00 24 00 00 00 02 00 00 00 09 .O.L.E.$ ........ [070] 00 00 00 00 00 00 00 09 00 00 00 57 00 41 00 52 ........ ...W.A.R [080] 00 54 00 48 00 4F 00 4C 00 45 00 00 00 B4 EC D6 .T.H.O.L .E...... [090] 43 6F 19 09 A5 00 00 FF 01 07 40 Co...... 
..@ [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,226) [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,226) wrote 226 [2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 96 [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 8C 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 D3 5C 4D 9D EB 7F 59 ........ ..\M...Y [020] 47 FF 01 00 40 00 00 00 00 G...@... . [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 8C 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 D3 5C 4D 9D EB 7F 59 ........ ..\M...Y [020] 47 FF 01 00 40 00 00 00 00 G...@... . 
[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0028 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000010 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 [2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 40 at offset 0 [2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x803 returned 32 bytes. 
[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_auth_2 [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0000 data: d3 5c 4d 9d eb 7f 59 47 [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 net_io_neg_flags [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 neg_flags: 400001ff [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 000c status: NT_STATUS_OK [2006/11/08 12:11:52, 10] libsmb/credentials.c:creds_client_check(325) creds_client_check: credentials check OK. [2006/11/08 12:11:52, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(344) rpccli_netlogon_setup_creds: server ESKUELL credential chain established. [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,108) [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,108) wrote 108 [2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=9 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1024 (0x400) smb_vwv[ 3]= 264 (0x108) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) 
smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2040) Bind RPC Pipe[804]: \NETLOGON auth_type 2, auth_level 6 [2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... [2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_auth_schannel_neg schannel_neg [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 type1: 00000000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 type2: 00000003 [2006/11/08 12:11:52, 6] lib/util.c:dump_data(2215) [000] 4C 41 42 2D 52 52 LAB-RR [2006/11/08 12:11:52, 6] lib/util.c:dump_data(2215) [000] 57 41 52 54 48 4F 4C 45 WARTHOLE [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0068 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0018 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c 
call_id : 00000004 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00000000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_contexts: 01 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c context_id : 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e num_transfer_syntaxes: 01 [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 12345678 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1234 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : abcd [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : ef 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 01 23 45 67 cf fb [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000001 [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 data : 8a885d04 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 data : 1ceb [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a data : 11c9 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003c data : 9f e8 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003e data : 08 00 2b 10 48 60 [2006/11/08 12:11:52, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 0044 version: 00000002 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_rpc_hdr_auth hdr_auth [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0048 auth_type : 44 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0049 auth_level : 06 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004a auth_pad_len : 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004b auth_reserved: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c auth_context_id: 00000001 [2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x804 [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=186 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 104 (0x68) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 2052 (0x804) smb_bcc=119 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 68 00 18 00 04 00 00 00 B8 .......h ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 4C 41 42 2D 52 52 00 57 41 .......L AB-RR.WA [070] 52 54 48 4F 4C 45 00 RTHOLE. 
[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,190) [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,190) wrote 190 [2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 144 [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 68 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 h....... .X...... [010] 00 B8 10 B8 10 34 79 06 00 0C 00 5C 50 49 50 45 .....4y. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 7A 19 00 ......z. . [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) [000] 68 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 h....... .X...... [010] 00 B8 10 B8 10 34 79 06 00 0C 00 5C 50 49 50 45 .....4y. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ 
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 7A 19 00 ......z. . [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0058 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 000c [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 88 at offset 0 [2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x804 returned 88 bytes. [2006/11/08 12:11:52, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2077) rpc_pipe_bind: Remote machine ESKUELL pipe \NETLOGON fnum 0x804 bind request returned ok. 
[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0058 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 000c [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00067934 [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 len: 000c [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a str: \PIPE\lsass. 
[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0028 num_results: 01 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002c result : 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002e reason : 0000 [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 data : 8a885d04 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0034 data : 1ceb [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0036 data : 11c9 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0038 data : 9f e8 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003a data : 08 00 2b 10 48 60 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 version: 00000002 [2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2534) cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine ESKUELL for domain LAB-RR and bound using schannel. 
[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,45) [2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,45) wrote 45 [2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=11 smt_wct=0 smb_bcc=0 [2006/11/08 12:11:52, 10] libsmb/clientgen.c:cli_rpc_pipe_close(383) cli_rpc_pipe_close: closed pipe \NETLOGON to machine ESKUELL [2006/11/08 12:11:52, 10] libsmb/namequery.c:saf_store(70) saf_store: domain = [LAB-RR], server = [ESKUELL], expire = [1162985212] [2006/11/08 12:11:52, 10] lib/gencache.c:gencache_set(128) Adding cache entry with key = SAF/DOMAIN/LAB-RR; value = ESKUELL and timeout = Wed Nov 8 12:26:52 2006 (900 seconds ahead) [2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_step(148) sequence = 0x4551bb7a [2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_step(150) seed: B4ECD6436F1909A5 [2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_step(155) seed+seq 2EA828896F1909A5 [2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_step(159) CLIENT CC6E7587B9709673 [2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_step(164) seed+seq+1 2FA828896F1909A5 [2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_step(168) SERVER 32C0012425FC6999 [2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_reseed(238) cred_reseed: seed 2FA828896F1909A5 [2006/11/08 12:11:52, 5] rpc_parse/parse_net.c:init_id_info2(1181) init_id_info2: 1181 [2006/11/08 12:11:52, 5] rpc_parse/parse_misc.c:init_logon_id(1588) make_logon_id: 1588 [2006/11/08 12:11:52, 5] rpc_parse/parse_net.c:init_sam_info(1275) init_sam_info: 1275 [2006/11/08 12:11:52, 5] rpc_parse/parse_misc.c:init_clnt_info2(1503) make_clnt_info: 1503 [2006/11/08 12:11:52, 5] 
rpc_parse/parse_misc.c:init_clnt_srv(1348) init_clnt_srv: 1348 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_sam_logon [2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_sam_info [2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_clnt_info2 [2006/11/08 12:11:52, 8] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_clnt_srv [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer : 00000001 [2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 0000000a [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 0000000a [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.E.S.K.U.E.L.L... [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 undoc_buffer2: 00000001 [2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_unistr2 unistr2 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 uni_max_len: 00000009 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c offset : 00000000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 uni_str_len: 00000009 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0034 buffer : W.A.R.T.H.O.L.E... 
[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 ptr_cred: 00000001 [2006/11/08 12:11:52, 8] rpc_parse/parse_prs.c:prs_debug(84) 00004c smb_io_cred [2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) 00004c smb_io_chal [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 004c data: cc 6e 75 87 b9 70 96 73 [2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) 000054 smb_io_utime [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 time: 4551bb7a [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 ptr_rtn_cred : 00000001 [2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) 00005c smb_io_cred [2006/11/08 12:11:52, 8] rpc_parse/parse_prs.c:prs_debug(84) 00005c smb_io_chal [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 005c data: 00 00 00 00 00 00 00 00 [2006/11/08 12:11:52, 8] rpc_parse/parse_prs.c:prs_debug(84) 000064 smb_io_utime [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 time: 00000000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0068 logon_level : 0002 [2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) 00006a smb_io_sam_info_ctr logon_info [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006a switch_value : 0002 [2006/11/08 12:11:52, 8] rpc_parse/parse_prs.c:prs_debug(84) 00006c net_io_id_info2 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c ptr_id_info2: 00000001 [2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) 000070 smb_io_unihdr unihdr [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0070 uni_str_len: 000c [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0072 uni_max_len: 000c [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 buffer : 00000001 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0078 param_ctrl: 00000820 [2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) 00007c smb_io_logon_id 
[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c low : 0000dead [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0080 high: 0000beef [2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) 000084 smb_io_unihdr unihdr [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0084 uni_str_len: 000c [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0086 uni_max_len: 000c [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0088 buffer : 00000001 [2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) 00008c smb_io_unihdr unihdr [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 008c uni_str_len: 000e [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 008e uni_max_len: 000e [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0090 buffer : 00000001 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0094 lm_chal: 32 d9 42 61 11 f7 c6 f3 [2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) 00009c smb_io_strhdr hdr_nt_chal_resp [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 009c str_str_len: 0018 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 009e str_max_len: 0018 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a0 buffer : 00000001 [2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000a4 smb_io_strhdr hdr_lm_chal_resp [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00a4 str_str_len: 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00a6 str_max_len: 0000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a8 buffer : 00000000 [2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000ac smb_io_unistr2 uni_domain_name [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ac uni_max_len: 00000006 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b0 offset : 00000000 [2006/11/08 12:11:52, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 00b4 uni_str_len: 00000006 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00b8 buffer : L.A.B.-.R.R. [2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000c4 smb_io_unistr2 uni_user_name [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c4 uni_max_len: 00000006 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c8 offset : 00000000 [2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00cc uni_str_len: 00000006 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00d0 buffer : w.w.w.u.t.z. [2006/11/08 12:11:53, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000dc smb_io_unistr2 uni_wksta_name [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00dc uni_max_len: 00000007 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e0 offset : 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e4 uni_str_len: 00000007 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00e8 buffer : \.\.W.A.L.D.I. [2006/11/08 12:11:53, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000f6 smb_io_string2 nt_chal_resp [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f8 str_max_len: 00000018 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00fc offset : 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0100 str_str_len: 00000018 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_string2(1096) 0104 buffer : ...H..|.....H../.;.j.... 
[2006/11/08 12:11:53, 9] rpc_parse/parse_prs.c:prs_debug(84) 00011c smb_io_string2 - NULL lm_chal_resp [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 011c validation_level: 0003 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0160 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0020 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000011e [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0002 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) 000138 smb_io_rpc_hdr_auth hdr_auth [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0138 auth_type : 44 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0139 auth_level : 06 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013a auth_pad_len : 02 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013b auth_reserved: 00 [2006/11/08 12:11:53, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 013c auth_context_id: 00000001 [2006/11/08 12:11:53, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1356) add_schannel_auth_footer: SCHANNEL seq_num=0 [2006/11/08 12:11:53, 10] rpc_parse/parse_prs.c:schannel_encode(1633) SCHANNEL: schannel_encode seq_num=0 data_len=288 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) 000140 smb_io_rpc_auth_schannel_chk [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0140 sig : 77 00 7a 00 ff ff 00 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0148 seq_num: 70 7e 98 6e a4 c7 1c d0 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0150 packet_digest: 38 da 46 05 ee 26 ec af [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0158 confounder: e5 c8 85 e4 74 73 c5 b1 [2006/11/08 12:11:53, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x804 [2006/11/08 12:11:53, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:53, 5] lib/util.c:show_msg(481) size=434 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 352 (0x160) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 352 (0x160) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 2052 (0x804) smb_bcc=367 [2006/11/08 12:11:53, 10] lib/util.c:dump_data(2215)
[2006/11/08 12:11:53, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,438) [2006/11/08 12:11:53, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,438) wrote 438 [2006/11/08 12:11:53, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 456 [2006/11/08 12:11:53, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:53, 5] lib/util.c:show_msg(481) size=456 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 400 (0x190) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 400 (0x190) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=401 [2006/11/08 12:11:53, 10] lib/util.c:dump_data(2215)
[2006/11/08 12:11:53, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:53, 5] lib/util.c:show_msg(481) size=456 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 400 (0x190) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 400 (0x190) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=401 [2006/11/08 12:11:53, 10] lib/util.c:dump_data(2215)
[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0190 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0020 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000150 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) 000168 smb_io_rpc_hdr_auth hdr_auth [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0168 auth_type : 44 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0169 auth_level : 06 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 016a auth_pad_len : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 016b auth_reserved: 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 016c auth_context_id: 00000001 [2006/11/08 12:11:53, 5] 
rpc_parse/parse_prs.c:prs_debug(84) 000170 smb_io_rpc_auth_schannel_chk [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0170 sig : 77 00 7a 00 ff ff 00 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0178 seq_num: 0c 5b 87 8e 63 1a 94 86 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0180 packet_digest: 6c 46 5f a8 1a 4d 74 79 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0188 confounder: cd fa 36 9a 0e 37 10 e6 [2006/11/08 12:11:53, 10] rpc_parse/parse_prs.c:schannel_decode(1710) SCHANNEL: schannel_decode seq_num=1 data_len=336 [2006/11/08 12:11:53, 10] rpc_parse/parse_prs.c:schannel_decode(1730) SCHANNEL: schannel_decode seq_num=1 data_len=336 [2006/11/08 12:11:53, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 400, data_len 336, ss_len 0 [2006/11/08 12:11:53, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 400 at offset 0 [2006/11/08 12:11:53, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x804 returned 672 bytes. 
[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_sam_logon [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 buffer_creds: 001b207c [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_cred [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_chal [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0004 data: 32 c0 01 24 25 fc 69 99 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 00000c smb_io_utime [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c time: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 switch_value: 0003 [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 net_io_user_info3 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 ptr_user_info : 0015aed8 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_time logon time [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 low : 6dc42ed0 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c high: 01c70314 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_time logoff time [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 low : ffffffff [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 high: 7fffffff [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_time kickoff time [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 low : ffffffff [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c high: 7fffffff [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_time last set time [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 low : e66ea200 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 high: 01bb61e6 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_time can change time 
[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 low : e66ea200 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c high: 01bb61e6 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 000040 smb_io_time must change time [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 low : ffffffff [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 high: 7fffffff [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_unihdr hdr_user_name [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0048 uni_str_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 004a uni_max_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c buffer : 00000000 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_unihdr hdr_full_name [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0050 uni_str_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0052 uni_max_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 buffer : 00000000 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 000058 smb_io_unihdr hdr_logon_script [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0058 uni_str_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 005a uni_max_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c buffer : 00000000 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 000060 smb_io_unihdr hdr_profile_path [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0060 uni_str_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0062 uni_max_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 buffer : 00000000 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 000068 smb_io_unihdr hdr_home_dir [2006/11/08 12:11:53, 5] 
rpc_parse/parse_prs.c:prs_uint16(675) 0068 uni_str_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006a uni_max_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c buffer : 00000000 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 000070 smb_io_unihdr hdr_dir_drive [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0070 uni_str_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0072 uni_max_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 buffer : 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0078 logon_count : 0419 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 007a bad_pw_count : 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c user_rid : 0000040d [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0080 group_rid : 00000417 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0084 num_groups : 00000002 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0088 buffer_groups : 0015afa4 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 008c user_flgs : 00000120 [2006/11/08 12:11:53, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) dump_user_flgs account has LOGON_EXTRA_SIDS account has LOGON_NTLMV2_ENABLED [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0090 user_sess_key: 0d 92 21 6d ad d1 36 2e d3 7b ec 46 58 80 62 d3 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000a0 smb_io_unihdr hdr_logon_srv [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00a0 uni_str_len: 000e [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00a2 uni_max_len: 0010 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a4 buffer : 0015afcc [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000a8 smb_io_unihdr hdr_logon_dom [2006/11/08 12:11:53, 5] 
rpc_parse/parse_prs.c:prs_uint16(675) 00a8 uni_str_len: 000c [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00aa uni_max_len: 000e [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ac buffer : 0015afdc [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b0 buffer_dom_id : 0015afb4 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 00b4 lm_sess_key: 6f eb 72 f2 51 2d c5 40 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00bc acct_flags : 00000000 [2006/11/08 12:11:53, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) dump_acct_flags [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c0 unkown: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c4 unkown: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c8 unkown: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00cc unkown: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d0 unkown: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d4 unkown: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d8 unkown: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00dc num_other_sids: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e0 buffer_other_sids: 00000000 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 - NULL uni_user_name [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 - NULL uni_full_name [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 - NULL uni_logon_script [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 - NULL uni_profile_path [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 - NULL uni_home_dir [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 
- NULL uni_dir_drive [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e4 num_groups2 : 00000002 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e8 smb_io_gid [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e8 g_rid: 00000201 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ec attr : 00000007 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000f0 smb_io_gid [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f0 g_rid: 00000417 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f4 attr : 00000007 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000f8 smb_io_unistr2 uni_logon_srv [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f8 uni_max_len: 00000008 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00fc offset : 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0100 uni_str_len: 00000007 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0104 buffer : E.S.K.U.E.L.L. [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 000112 smb_io_unistr2 uni_logon_dom [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0114 uni_max_len: 00000007 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0118 offset : 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 011c uni_str_len: 00000006 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0120 buffer : L.A.B.-.R.R. 
[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 00012c smb_io_dom_sid2 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 012c num_auths: 00000004 [2006/11/08 12:11:53, 8] rpc_parse/parse_prs.c:prs_debug(84) 000130 smb_io_dom_sid sid [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0130 sid_rev_num: 01 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0131 num_auths : 04 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0132 id_auth[0] : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0133 id_auth[1] : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0134 id_auth[2] : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0135 id_auth[3] : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0136 id_auth[4] : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0137 id_auth[5] : 05 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0138 sub_auths : 00000015 7b7e4147 61020126 26126b85 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0148 auth_resp : 00490001 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 014c status : NT_STATUS_OK [2006/11/08 12:11:53, 10] libsmb/credentials.c:creds_client_check(325) creds_client_check: credentials check OK. 
[2006/11/08 12:11:53, 10] passdb/secrets.c:secrets_named_mutex_release(791) secrets_named_mutex: released mutex for ESKUELL [2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user LAB-RR\wwwutz [2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is lab-rr\wwwutz [2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(82) Trying _Get_Pwnam(), username as given is LAB-RR\wwwutz [2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(92) Trying _Get_Pwnam(), username as uppercase is LAB-RR\WWWUTZ [2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(101) Checking combinations of 0 uppercase letters in lab-rr\wwwutz [2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(107) Get_Pwnam_internals didn't find user [LAB-RR\wwwutz]! [2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user wwwutz [2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is wwwutz [2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(107) Get_Pwnam_internals did find user [wwwutz]! 
[2006/11/08 12:11:53, 5] auth/auth_util.c:fill_sam_account(1532) fill_sam_account: located username was [wwwutz] [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_username(533) pdb_set_username: setting username wwwutz, was [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_fullname(602) pdb_set_full_name: setting full name Peter Marquardt,R031,1430,, was [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_domain(556) pdb_set_domain: setting domain WARTHOLE, was [2006/11/08 12:11:53, 4] lib/substitute.c:automount_server(407) Home server: warthole [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_profile_path(648) pdb_set_profile_path: setting profile path \\warthole\wwwutz\profile, was [2006/11/08 12:11:53, 4] lib/substitute.c:automount_server(407) Home server: warthole [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_homedir(695) pdb_set_homedir: setting home dir \\warthole\wwwutz, was [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(671) pdb_set_dir_drive: setting dir drive , was NULL [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_logon_script(625) pdb_set_logon_script: setting logon script , was [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_user_sid(462) pdb_set_user_sid: setting user sid S-1-5-21-3841262117-2652492237-290310771-1260 [2006/11/08 12:11:53, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3841262117-2652492237-290310771-1260 from rid 1260 [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_nt_username(579) pdb_set_nt_username: setting nt username wwwutz, was [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_username(533) pdb_set_username: setting username wwwutz, was wwwutz [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_domain(556) pdb_set_domain: setting domain LAB-RR, was WARTHOLE [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_user_sid(462) pdb_set_user_sid: setting user sid 
S-1-5-21-2071871815-1627521318-638741381-1037 [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_group_sid(520) pdb_set_group_sid: setting group sid S-1-5-21-3841262117-2652492237-290310771-513 [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_fullname(602) pdb_set_full_name: setting full name , was Peter Marquardt,R031,1430, [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_logon_script(625) pdb_set_logon_script: setting logon script , was [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_profile_path(648) pdb_set_profile_path: setting profile path , was \\warthole\wwwutz\profile [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_homedir(695) pdb_set_homedir: setting home dir , was \\warthole\wwwutz [2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(671) pdb_set_dir_drive: setting dir drive , was [2006/11/08 12:11:53, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(134) netsamlogon_cache_store: SID [S-1-5-21-2071871815-1627521318-638741381-1037] [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 timestamp: 4551bb79 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) 000004 net_io_user_info3 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 ptr_user_info : 0015aed8 [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_time logon time [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 low : 6dc42ed0 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c high: 01c70314 [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_time logoff time [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 low : ffffffff [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 high: 7fffffff [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_time kickoff time [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 low : ffffffff [2006/11/08 12:11:53, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 001c high: 7fffffff [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_time last set time [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 low : e66ea200 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 high: 01bb61e6 [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_time can change time [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 low : e66ea200 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c high: 01bb61e6 [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_time must change time [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 low : ffffffff [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 high: 7fffffff [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_unihdr hdr_user_name [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 uni_str_len: 000e [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a uni_max_len: 000e [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c buffer : 00000001 [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000040 smb_io_unihdr hdr_full_name [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0040 uni_str_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0042 uni_max_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 buffer : 00000000 [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_unihdr hdr_logon_script [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0048 uni_str_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 004a uni_max_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c buffer : 00000000 [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_unihdr 
hdr_profile_path [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0050 uni_str_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0052 uni_max_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 buffer : 00000000 [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000058 smb_io_unihdr hdr_home_dir [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0058 uni_str_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 005a uni_max_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c buffer : 00000000 [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000060 smb_io_unihdr hdr_dir_drive [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0060 uni_str_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0062 uni_max_len: 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 buffer : 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0068 logon_count : 0419 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006a bad_pw_count : 0000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c user_rid : 0000040d [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0070 group_rid : 00000417 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 num_groups : 00000002 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0078 buffer_groups : 0015afa4 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c user_flgs : 00000120 [2006/11/08 12:11:53, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) dump_user_flgs account has LOGON_EXTRA_SIDS account has LOGON_NTLMV2_ENABLED [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0080 user_sess_key: 09 94 83 62 f1 7d 25 a6 3b 56 b0 b6 7b 29 b5 d2 [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000090 smb_io_unihdr hdr_logon_srv [2006/11/08 
12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0090 uni_str_len: 000e [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0092 uni_max_len: 0010 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0094 buffer : 0015afcc [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000098 smb_io_unihdr hdr_logon_dom [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0098 uni_str_len: 000c [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) 009a uni_max_len: 000e [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 009c buffer : 0015afdc [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a0 buffer_dom_id : 0015afb4 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 00a4 lm_sess_key: 6b ed d0 fd 0d 81 d6 c8 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ac acct_flags : 00000000 [2006/11/08 12:11:53, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) dump_acct_flags [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b0 unkown: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b4 unkown: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b8 unkown: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00bc unkown: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c0 unkown: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c4 unkown: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c8 unkown: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00cc num_other_sids: 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d0 buffer_other_sids: 00000000 [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000d4 smb_io_unistr2 uni_user_name [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d4 uni_max_len: 00000007 [2006/11/08 12:11:53, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 00d8 offset : 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00dc uni_str_len: 00000007 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00e0 buffer : w.w.w.u.t.z... [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000ee smb_io_unistr2 - NULL uni_full_name [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000ee smb_io_unistr2 - NULL uni_logon_script [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000ee smb_io_unistr2 - NULL uni_profile_path [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000ee smb_io_unistr2 - NULL uni_home_dir [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000ee smb_io_unistr2 - NULL uni_dir_drive [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f0 num_groups2 : 00000002 [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000f4 smb_io_gid [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f4 g_rid: 00000201 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f8 attr : 00000007 [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000fc smb_io_gid [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00fc g_rid: 00000417 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0100 attr : 00000007 [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000104 smb_io_unistr2 uni_logon_srv [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0104 uni_max_len: 00000008 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0108 offset : 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 010c uni_str_len: 00000007 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0110 buffer : E.S.K.U.E.L.L. 
[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 00011e smb_io_unistr2 uni_logon_dom [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0120 uni_max_len: 00000007 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0124 offset : 00000000 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0128 uni_str_len: 00000006 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 012c buffer : L.A.B.-.R.R. [2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) 000138 smb_io_dom_sid2 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0138 num_auths: 00000004 [2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) 00013c smb_io_dom_sid sid [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013c sid_rev_num: 01 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013d num_auths : 04 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013e id_auth[0] : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013f id_auth[1] : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0140 id_auth[2] : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0141 id_auth[3] : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0142 id_auth[4] : 00 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0143 id_auth[5] : 05 [2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0144 sub_auths : 00000015 7b7e4147 61020126 26126b85 [2006/11/08 12:11:53, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,45) [2006/11/08 12:11:53, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,45) wrote 45 [2006/11/08 12:11:53, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 12:11:53, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:53, 5] lib/util.c:show_msg(481) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=13 
smt_wct=0 smb_bcc=0 [2006/11/08 12:11:53, 10] libsmb/clientgen.c:cli_rpc_pipe_close(383) cli_rpc_pipe_close: closed pipe \NETLOGON to machine ESKUELL [2006/11/08 12:11:53, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,39) [2006/11/08 12:11:53, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,39) wrote 39 [2006/11/08 12:11:53, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 12:11:53, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:53, 5] lib/util.c:show_msg(481) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2055 smb_pid=7198 smb_uid=4099 smb_mid=14 smt_wct=0 smb_bcc=0 [2006/11/08 12:11:53, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: winbind authentication for user [wwwutz] succeeded [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 5] auth/auth.c:check_ntlm_password(295) check_ntlm_password: PAM Account for user [wwwutz] succeeded [2006/11/08 12:11:53, 2] auth/auth.c:check_ntlm_password(304) check_ntlm_password: authentication for user [wwwutz] -> [wwwutz] -> [wwwutz] succeeded [2006/11/08 12:11:53, 5] auth/auth_util.c:free_user_info(1866) attempting to free (and zero) a user_info structure [2006/11/08 12:11:53, 10] auth/auth_util.c:free_user_info(1869) structure was created for wwwutz [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) 
lookup_name: WARTHOLE\wwwutz => WARTHOLE (domain), wwwutz (name) [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:53, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) getsampwnam (smbpasswd): search by name: wwwutz [2006/11/08 12:11:53, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd [2006/11/08 12:11:53, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) getsmbfilepwent: end of file reached. [2006/11/08 12:11:53, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file. 
[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix User\wwwutz => Unix User (domain), wwwutz (name) [2006/11/08 12:11:53, 10] lib/util_pw.c:getpwnam_alloc(76) Got wwwutz from pwnam_cache [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_uid(1209) sid_to_uid: S-1-22-1-130 -> 130 [2006/11/08 12:11:53, 10] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [wwwutz] [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 15 -> S-1-22-2-15 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 12003 -> S-1-22-2-12003 [2006/11/08 
12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 121 -> S-1-22-2-121 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 20 -> S-1-22-2-20 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 209 -> S-1-22-2-209 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 263 -> S-1-22-2-263 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 219 -> S-1-22-2-219 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 352 -> S-1-22-2-352 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 0 -> S-1-22-2-0 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 257 -> S-1-22-2-257 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 1000 -> S-1-22-2-1000 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 369 -> S-1-22-2-369 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 154 -> S-1-22-2-154 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 400 -> S-1-22-2-400 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 5000 -> S-1-22-2-5000 [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-1-130] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-15] [2006/11/08 12:11:53, 5] lib/privileges.c:get_privileges_for_sids(458) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-2] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-11] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) 
get_privileges: No privileges assigned to SID [S-1-22-2-12003] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-121] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-20] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-209] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-263] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-219] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-352] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-0] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-257] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-1000] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-369] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-154] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-400] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-5000] [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-15 -> 15 [2006/11/08 12:11:53, 10] auth/auth_util.c:create_local_token(1022) Could not convert SID S-1-1-0 to gid, ignoring it [2006/11/08 12:11:53, 10] auth/auth_util.c:create_local_token(1022) Could not convert SID S-1-5-2 to gid, ignoring it 
[2006/11/08 12:11:53, 10] auth/auth_util.c:create_local_token(1022) Could not convert SID S-1-5-11 to gid, ignoring it [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-12003 -> 12003 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-121 -> 121 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-20 -> 20 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-209 -> 209 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-263 -> 263 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-219 -> 219 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-352 -> 352 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-0 -> 0 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-257 -> 257 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-1000 -> 1000 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-369 -> 369 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-154 -> 154 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-400 -> 400 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-5000 -> 5000 [2006/11/08 12:11:53, 10] auth/auth_util.c:debug_nt_user_token(452) NT user token of user S-1-22-1-130 contains 19 SIDs SID[ 0]: S-1-22-1-130 SID[ 1]: S-1-22-2-15 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-12003 SID[ 6]: S-1-22-2-121 SID[ 7]: S-1-22-2-20 SID[ 8]: S-1-22-2-209 SID[ 9]: S-1-22-2-263 SID[ 10]: S-1-22-2-219 SID[ 11]: S-1-22-2-352 SID[ 12]: S-1-22-2-0 SID[ 13]: S-1-22-2-257 SID[ 14]: S-1-22-2-1000 SID[ 15]: S-1-22-2-369 SID[ 16]: S-1-22-2-154 SID[ 17]: S-1-22-2-400 SID[ 18]: S-1-22-2-5000 SE_PRIV 0x0 0x0 
0x0 0x0 [2006/11/08 12:11:53, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(132) Got NT session key of length 16 [2006/11/08 12:11:53, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(139) Got LM session key of length 8 [2006/11/08 12:11:53, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(738) ntlmssp_server_auth: Created NTLM2 session key. [2006/11/08 12:11:53, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2006/11/08 12:11:53, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe0088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2006/11/08 12:11:53, 10] smbd/password.c:register_vuid(185) register_vuid: allocated vuid = 101 [2006/11/08 12:11:53, 10] lib/util_pw.c:getpwnam_alloc(76) Got wwwutz from pwnam_cache [2006/11/08 12:11:53, 10] smbd/password.c:register_vuid(273) register_vuid: (130,15) wwwutz wwwutz LAB-RR guest=0 [2006/11/08 12:11:53, 3] smbd/password.c:register_vuid(279) User name: wwwutz Real name: [2006/11/08 12:11:53, 3] smbd/password.c:register_vuid(300) UNIX uid 130 is UNIX user wwwutz, and will be vuid 101 [2006/11/08 12:11:53, 7] param/loadparm.c:lp_servicenumber(5112) lp_servicenumber: couldn't find wwwutz [2006/11/08 12:11:53, 3] smbd/password.c:register_vuid(330) Adding homes service for user 'wwwutz' using home directory: '/home/wwwutz' [2006/11/08 12:11:53, 8] param/loadparm.c:add_a_service(2494) add_a_service: Creating snum = 346 for wwwutz [2006/11/08 12:11:53, 10] param/loadparm.c:hash_a_service(2541) hash_a_service: hashing index 346 for service name wwwutz [2006/11/08 12:11:53, 3] param/loadparm.c:lp_add_home(2587) adding home's share [wwwutz] for user 'wwwutz' at '/home/wwwutz' [2006/11/08 12:11:53, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file 
/usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006 [2006/11/08 12:11:53, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:53, 5] lib/util.c:show_msg(481) size=104 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=19968 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=61 [2006/11/08 12:11:53, 10] lib/util.c:dump_data(2215) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 33 00 63 00 00 00 4C ...0...2 .3.c...L [030] 00 41 00 42 00 2D 00 52 00 52 00 00 00 .A.B.-.R .R... 
[2006/11/08 12:11:53, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: 60 [2006/11/08 12:11:53, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 96 [2006/11/08 12:11:53, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x60 [2006/11/08 12:11:53, 3] smbd/process.c:process_smb(1110) Transaction 3 of length 100 [2006/11/08 12:11:53, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:53, 5] lib/util.c:show_msg(481) size=96 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=20032 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=53 [2006/11/08 12:11:53, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 5C 00 57 00 41 00 52 00 54 00 48 00 4F .\.\.W.A .R.T.H.O [010] 00 4C 00 45 00 5C 00 4D 00 41 00 4D 00 45 00 50 .L.E.\.M .A.M.E.P [020] 00 49 00 4D 00 41 00 47 00 45 00 53 00 00 00 3F .I.M.A.G .E.S...? [030] 3F 3F 3F 3F 00 ????. [2006/11/08 12:11:53, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 7198) conn 0x0 [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:53, 5] smbd/uid.c:change_to_root_user(274) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 12:11:53, 4] smbd/reply.c:reply_tcon_and_X(668) Client requested device type [?????] 
for share [MAMEPIMAGES] [2006/11/08 12:11:53, 5] smbd/service.c:make_connection(1116) making a connection to 'normal' service mamepimages [2006/11/08 12:11:53, 10] smbd/share_access.c:user_ok_token(224) user_ok_token: share mamepimages is ok for unix user wwwutz [2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user wwwutz [2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is wwwutz [2006/11/08 12:11:53, 10] lib/util_pw.c:getpwnam_alloc(76) Got wwwutz from pwnam_cache [2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(107) Get_Pwnam_internals did find user [wwwutz]! [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name) [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:53, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) getsampwnam (smbpasswd): search by name: imgdata [2006/11/08 12:11:53, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd [2006/11/08 12:11:53, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) getsmbfilepwent: end of file reached. [2006/11/08 12:11:53, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file. 
[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name) [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_uid(1209) sid_to_uid: S-1-22-1-1087 -> 1087 [2006/11/08 12:11:53, 10] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [imgdata] [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 372 -> S-1-22-2-372 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 392 -> S-1-22-2-392 [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges 
assigned to SID [S-1-22-1-1087] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-372] [2006/11/08 12:11:53, 5] lib/privileges.c:get_privileges_for_sids(458) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-2] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-11] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-392] [2006/11/08 12:11:53, 3] smbd/service.c:make_connection_snum(672) Forced user imgdata [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: WARTHOLE\abt_her => WARTHOLE (domain), abt_her (name) [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix Group\abt_her => Unix Group (domain), abt_her (name) [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-9000 -> 9000 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name) [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 3] 
smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:53, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) getsampwnam (smbpasswd): search by name: imgdata [2006/11/08 12:11:53, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd [2006/11/08 12:11:53, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) getsmbfilepwent: end of file reached. [2006/11/08 12:11:53, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file. [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name) [2006/11/08 12:11:53, 10] lib/util_pw.c:getpwnam_alloc(76) Got imgdata from pwnam_cache [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_uid(1209) sid_to_uid: S-1-22-1-1087 -> 1087 [2006/11/08 12:11:53, 10] 
lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [imgdata] [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 372 -> S-1-22-2-372 [2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 392 -> S-1-22-2-392 [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-1-1087] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-372] [2006/11/08 12:11:53, 5] lib/privileges.c:get_privileges_for_sids(458) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-2] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-11] [2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-392] [2006/11/08 12:11:53, 10] smbd/service.c:make_connection_snum(736) Could not convert SID S-1-22-1-1087 to gid, ignoring it [2006/11/08 12:11:53, 0] lib/util_str.c:safe_strcat_fn(636) ERROR: string overflow by 7 in safe_strcat [-1802264934] [2006/11/08 12:11:53, 0] lib/util_str.c:safe_strcat_fn(636) ERROR: string overflow by 11 in 
safe_strcat [-1651269932] [2006/11/08 12:11:53, 0] lib/util_str.c:safe_strcat_fn(636) ERROR: string overflow by 10 in safe_strcat [-745763429] [2006/11/08 12:11:53, 0] lib/util_str.c:safe_strcat_fn(636) ERROR: string overflow by 11 in safe_strcat [-1851880033] [2006/11/08 12:11:53, 0] lib/util_str.c:safe_strcat_fn(636) ERROR: string overflow by 11 in safe_strcat [-1680630116] [2006/11/08 12:11:53, 0] lib/util_str.c:safe_strcat_fn(636) ERROR: string overflow by 11 in safe_strcat [-1702061423] [2006/11/08 12:11:53, 0] lib/util_str.c:safe_strcat_fn(636) ERROR: string overflow by 11 in safe_strcat [-2003053682] [2006/11/08 12:11:54, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006 [2006/11/08 12:11:54, 5] auth/auth_util.c:make_user_info_map(160) make_user_info_map: Mapping user [lab-rr]\[wwwutz] from workstation [WALDI] [2006/11/08 12:11:54, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = TDOMCACHE/TIMESTAMP, value = 1162983779, timeout = Wed Nov 8 12:12:59 2006 [2006/11/08 12:11:54, 10] libsmb/trustdom_cache.c:update_trustdom_cache(326) update_trustdom_cache: not time to update trustdom_cache yet [2006/11/08 12:11:54, 10] lib/gencache.c:gencache_get(312) Cache entry with key = TDOM/LAB-RR couldn't be found [2006/11/08 12:11:54, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain lab-rr found. 
[2006/11/08 12:11:54, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for wwwutz (wwwutz) [2006/11/08 12:11:54, 5] auth/auth_util.c:make_user_info(85) making strings for wwwutz's user_info struct [2006/11/08 12:11:54, 5] auth/auth_util.c:make_user_info(117) making blobs for wwwutz's user_info struct [2006/11/08 12:11:54, 10] auth/auth_util.c:make_user_info(135) made an encrypted user_info for wwwutz (wwwutz) [2006/11/08 12:11:54, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [lab-rr]\[wwwutz]@[WALDI] with the new password interface [2006/11/08 12:11:54, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [LAB-RR]\[wwwutz]@[WALDI] [2006/11/08 12:11:54, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2006/11/08 12:11:54, 10] auth/auth.c:check_ntlm_password(235) challenge is: [2006/11/08 12:11:54, 5] lib/util.c:dump_data(2215) [000] 58 E8 63 9D AD DC 2E 70 X.c....p [2006/11/08 12:11:54, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: guest had nothing to say [2006/11/08 12:11:54, 8] lib/util.c:is_myname(2036) is_myname("LAB-RR") returns 0 [2006/11/08 12:11:54, 6] auth/auth_sam.c:check_samstrict_security(412) check_samstrict_security: LAB-RR is not one of my local names (ROLE_DOMAIN_MEMBER) [2006/11/08 12:11:54, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: sam had nothing to say [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 
and contains 0 supplementary groups [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 8] libsmb/namequery.c:get_sorted_dc_list(1550) get_sorted_dc_list: attempting lookup using [lmhosts wins host bcast] [2006/11/08 12:11:54, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = SAF/DOMAIN/LAB-RR, value = ESKUELL, timeout = Wed Nov 8 12:26:52 2006 [2006/11/08 12:11:54, 5] libsmb/namequery.c:saf_fetch(107) saf_fetch: Returning "ESKUELL" for "LAB-RR" domain [2006/11/08 12:11:54, 3] libsmb/namequery.c:get_dc_list(1426) get_dc_list: preferred server list: "ESKUELL, *" [2006/11/08 12:11:54, 10] libsmb/namequery.c:internal_resolve_name(1132) internal_resolve_name: looking up LAB-RR#1c [2006/11/08 12:11:54, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = NBT/LAB-RR#1C, value = 141.14.16.97:0,141.14.17.120:0,141.14.17.130:0,141.14.19.244:0, timeout = Wed Nov 8 12:13:59 2006 [2006/11/08 12:11:54, 5] libsmb/namecache.c:namecache_fetch(201) name LAB-RR#1C found. [2006/11/08 12:11:54, 8] libsmb/namequery.c:get_dc_list(1441) Adding 4 DC's from auto lookup [2006/11/08 12:11:54, 10] libsmb/namequery.c:internal_resolve_name(1132) internal_resolve_name: looking up ESKUELL#20 [2006/11/08 12:11:54, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = NBT/ESKUELL#20, value = 141.14.16.97:0, timeout = Wed Nov 8 12:13:59 2006 [2006/11/08 12:11:54, 5] libsmb/namecache.c:namecache_fetch(201) name ESKUELL#20 found. 
[2006/11/08 12:11:54, 10] libsmb/namequery.c:remove_duplicate_addrs2(408) remove_duplicate_addrs2: looking for duplicate address/port pairs [2006/11/08 12:11:54, 4] libsmb/namequery.c:get_dc_list(1528) get_dc_list: returning 4 ip addresses in an ordered list [2006/11/08 12:11:54, 4] libsmb/namequery.c:get_dc_list(1530) get_dc_list: 141.14.16.97:0 141.14.17.120:0 141.14.17.130:0 141.14.19.244:0 [2006/11/08 12:11:54, 10] libsmb/namequery.c:name_status_find(275) name_status_find: looking up LAB-RR#1c at 141.14.16.97 [2006/11/08 12:11:54, 10] lib/gencache.c:gencache_get(312) Cache entry with key = NBT/LAB-RR#1C.20.141.14.16.97 couldn't be found [2006/11/08 12:11:54, 5] libsmb/namecache.c:namecache_status_fetch(308) namecache_status_fetch: no entry for NBT/LAB-RR#1C.20.141.14.16.97 found. [2006/11/08 12:11:54, 10] lib/gencache.c:gencache_del(218) Deleting cache entry (key = NBT/LAB-RR#1C.20.141.14.16.97) [2006/11/08 12:11:54, 10] lib/util_sock.c:open_socket_in(839) bind succeeded on port 0 [2006/11/08 12:11:54, 5] libsmb/nmblib.c:send_udp(776) Sending a packet of len 50 to (141.14.16.97) on port 137 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_udp_socket(293) read_udp_socket: lastip 141.14.16.97 lastport 137 read: 301 [2006/11/08 12:11:54, 10] libsmb/nmblib.c:parse_nmb(506) parse_nmb: packet id = 18392 [2006/11/08 12:11:54, 5] libsmb/nmblib.c:read_packet(754) Received a packet of len 301 from (141.14.16.97) port 137 [2006/11/08 12:11:54, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from 141.14.16.97(137) header: id=18392 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=LAB-RR<1c> rr_type=33 rr_class=1 ttl=0 answers 0 char .ESKUELL hex 0A45534B55454C4C2020202020202020 answers 10 char .D.LAB-RR hex 0044004C41422D525220202020202020 answers 20 char ...LAB-RR hex 202000C4004C41422D52522020202020 answers 30 char ...ESKUELL hex 
202020201CC40045534B55454C4C2020 answers 40 char D.LAB-RR hex 2020202020202044004C41422D525220 answers 50 char .D.ESKUE hex 20202020202020201B440045534B5545 answers 60 char LL .D.ADM hex 4C4C202020202020202003440041444D answers 70 char INISTRATOR .D.L hex 494E4953545241544F5220200344004C answers 80 char AB-RR .. hex 41422D52522020202020202020201EC4 answers 90 char .LAB-RR hex 004C41422D5252202020202020202020 answers a0 char .D...__MSBROWSE_ hex 1D440001025F5F4D5342524F5753455F answers b0 char _........]...... hex 5F0201C4000000F8025D840000000000 answers c0 char ................ hex 00000000000000000000000000000000 answers d0 char ................ hex 00000000000000000000000000000000 answers e0 char ... hex 000000 [2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) ESKUELL#00: flags = 0x44 [2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#00: flags = 0xc4 [2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1c: flags = 0xc4 [2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) ESKUELL#20: flags = 0x44 [2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1b: flags = 0x44 [2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) ESKUELL#03: flags = 0x44 [2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) ADMINISTRATOR#03: flags = 0x44 [2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1e: flags = 0xc4 [2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1d: flags = 0x44 [2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) __MSBROWSE__#01: flags = 0xc4 [2006/11/08 12:11:54, 10] libsmb/namequery.c:name_status_find(315) name_status_find: name found, name ESKUELL ip address is 141.14.16.97 [2006/11/08 12:11:54, 3] libsmb/namequery_dc.c:rpc_dc_name(116) rpc_dc_name: Returning DC ESKUELL (141.14.16.97) for domain LAB-RR [2006/11/08 12:11:54, 10] passdb/secrets.c:secrets_named_mutex(779) 
secrets_named_mutex: got mutex for ESKUELL [2006/11/08 12:11:54, 3] libsmb/cliconnect.c:cli_start_connection(1417) Connecting to host=ESKUELL [2006/11/08 12:11:54, 3] lib/util_sock.c:open_socket_out(874) Connecting to 141.14.16.97 at port 445 [2006/11/08 12:11:54, 2] lib/util_sock.c:open_socket_out(910) error connecting to 141.14.16.97:445 (Connection refused) [2006/11/08 12:11:54, 3] lib/util_sock.c:open_socket_out(874) Connecting to 141.14.16.97 at port 139 [2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 0 [2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 0 [2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 4 [2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 8 [2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEPORT = 0 [2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 33580 [2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 33580 [2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1460 [2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2006/11/08 12:11:54, 5] 
lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,72) [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,72) wrote 72 [2006/11/08 12:11:54, 5] libsmb/cliconnect.c:cli_session_request(1262) Sent session request [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 0 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,183) [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,183) wrote 183 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 91 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=91 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=12545 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=65283 (0xFF03) smb_vwv[ 2]= 257 (0x101) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 17 (0x11) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 67 (0x43) smb_vwv[11]=61440 (0xF000) smb_vwv[12]=45375 (0xB13F) smb_vwv[13]= 9948 (0x26DC) smb_vwv[14]=50947 (0xC703) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 2303 (0x8FF) smb_bcc=22 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 65 77 49 FA 89 40 29 9A 4C 00 41 00 42 00 2D 00 ewI..@). L.A.B.-. [010] 52 00 52 00 00 00 R.R... 
[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=91 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=12545 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=65283 (0xFF03) smb_vwv[ 2]= 257 (0x101) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 17 (0x11) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 67 (0x43) smb_vwv[11]=61440 (0xF000) smb_vwv[12]=45375 (0xB13F) smb_vwv[13]= 9948 (0x26DC) smb_vwv[14]=50947 (0xC703) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 2303 (0x8FF) smb_bcc=22 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 65 77 49 FA 89 40 29 9A 4C 00 41 00 42 00 2D 00 ewI..@). L.A.B.-. [010] 52 00 52 00 00 00 R.R... [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,92) [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,92) wrote 92 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=124 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=12545 smb_uid=6144 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 124 (0x7C) smb_vwv[ 2]= 0 (0x0) smb_bcc=83 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R [050] 00 00 00 ... 
[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=124 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=12545 smb_uid=6144 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 124 (0x7C) smb_vwv[ 2]= 0 (0x0) smb_bcc=83 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R [050] 00 00 00 ... [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,82) [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,82) wrote 82 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 48 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 49 50 43 00 00 00 00 IPC.... 
[2006/11/08 12:11:54, 10] libsmb/clientgen.c:cli_init_creds(233) cli_init_creds: user domain [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,108) [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,108) wrote 108 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 768 (0x300) smb_vwv[ 3]= 272 (0x110) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2040) Bind RPC Pipe[1003]: \NETLOGON auth_type 0, auth_level 0 [2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... [2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 
[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_contexts: 01 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c context_id : 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e num_transfer_syntaxes: 01 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 12345678 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 
data : 1234 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : abcd [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : ef 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 01 23 45 67 cf fb [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000001 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 data : 8a885d04 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 data : 1ceb [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a data : 11c9 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003c data : 9f e8 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003e data : 08 00 2b 10 48 60 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 version: 00000002 [2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1003 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 4099 (0x1003) smb_bcc=87 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ 
[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,158) [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,158) wrote 158 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... [010] 00 B8 10 B8 10 35 79 06 00 0C 00 5C 50 49 50 45 .....5y. ...\PIPE [020] 5C 6C 73 61 73 73 00 D9 B8 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... 
[010] 00 B8 10 B8 10 35 79 06 00 0C 00 5C 50 49 50 45 .....5y. ...\PIPE [020] 5C 6C 73 61 73 73 00 D9 B8 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 68 at offset 0 [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1003 returned 68 bytes. [2006/11/08 12:11:54, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2077) rpc_pipe_bind: Remote machine ESKUELL pipe \NETLOGON fnum 0x1003 bind request returned ok. 
[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00067935 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 len: 000c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a str: \PIPE\lsass. 
[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0028 num_results: 01 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002c result : 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002e reason : 0000 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 data : 8a885d04 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0034 data : 1ceb [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0036 data : 11c9 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0038 data : 9f e8 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003a data : 08 00 2b 10 48 60 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 version: 00000002 [2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2270) cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine ESKUELL and bound anonymously. 
[2006/11/08 12:11:54, 4] passdb/secrets.c:secrets_fetch_trust_account_password(285) Using cleartext machine password [2006/11/08 12:11:54, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(45) cli_net_req_chal: LSA Request Challenge from WARTHOLE to \\ESKUELL [2006/11/08 12:11:54, 5] rpc_parse/parse_net.c:init_q_req_chal(679) init_q_req_chal: 679 [2006/11/08 12:11:54, 5] rpc_parse/parse_net.c:init_q_req_chal(688) init_q_req_chal: 688 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_req_chal [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer: 00000001 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 0000000a [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 0000000a [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.E.S.K.U.E.L.L... [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_max_len: 00000009 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 offset : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c uni_str_len: 00000009 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0030 buffer : W.A.R.T.H.O.L.E... 
[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000042 smb_io_chal [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0042 data: 6b d1 4f 90 24 c3 93 2f [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0062 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000004a [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0004 [2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1003 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 98 (0x62) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) 
smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 98 (0x62) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 4099 (0x1003) smb_bcc=113 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 62 00 00 00 02 00 00 00 4A .......b .......J [020] 00 00 00 00 00 04 00 01 00 00 00 0A 00 00 00 00 ........ ........ [030] 00 00 00 0A 00 00 00 5C 00 5C 00 45 00 53 00 4B .......\ .\.E.S.K [040] 00 55 00 45 00 4C 00 4C 00 00 00 09 00 00 00 00 .U.E.L.L ........ [050] 00 00 00 09 00 00 00 57 00 41 00 52 00 54 00 48 .......W .A.R.T.H [060] 00 4F 00 4C 00 45 00 00 00 6B D1 4F 90 24 C3 93 .O.L.E.. .k.O.$.. [070] 2F / [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,184) [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,184) wrote 184 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 92 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 62 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 b....... .$...... [010] 00 0C 00 00 00 00 00 00 00 7A A3 F4 91 90 01 00 ........ .z...... [020] 00 00 00 00 00 ..... 
[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 62 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 b....... .$...... [010] 00 0C 00 00 00 00 00 00 00 7A A3 F4 91 90 01 00 ........ .z...... [020] 00 00 00 00 00 ..... [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0024 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000000c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:54, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 36 at offset 0 [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1003 returned 24 bytes. [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_req_chal [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0000 data: 7a a3 f4 91 90 01 00 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0008 status: NT_STATUS_OK [2006/11/08 12:11:54, 10] libsmb/credentials.c:creds_client_init(286) creds_client_init: neg_flags : 400701ff [2006/11/08 12:11:54, 10] libsmb/credentials.c:creds_client_init(287) creds_client_init: client chal : 6BD14F9024C3932F [2006/11/08 12:11:54, 10] libsmb/credentials.c:creds_client_init(288) creds_client_init: server chal : 7AA3F49190010000 [2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_init_64(117) creds_init_64 [2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_init_64(118) clnt_chal_in: 6BD14F9024C3932F [2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_init_64(119) srv_chal_in : 7AA3F49190010000 [2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_init_64(120) clnt+srv : E5744422B4C4932F [2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_init_64(121) sess_key_out : C92243A650B03F30 [2006/11/08 12:11:54, 10] libsmb/credentials.c:creds_client_init(306) creds_client_init: clnt : 027E0C7D8D5D3B33 [2006/11/08 12:11:54, 10] libsmb/credentials.c:creds_client_init(307) creds_client_init: server : DCAA19FB55DC7133 [2006/11/08 12:11:54, 10] 
libsmb/credentials.c:creds_client_init(308) creds_client_init: seed : 027E0C7D8D5D3B33 [2006/11/08 12:11:54, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(168) cli_net_auth2: srv:\\ESKUELL acct:WARTHOLE$ sc:2 mc: WARTHOLE neg: 400701ff [2006/11/08 12:11:54, 5] rpc_parse/parse_net.c:init_q_auth_2(800) init_q_auth_2: 800 [2006/11/08 12:11:54, 5] rpc_parse/parse_misc.c:init_log_info(1409) make_log_info 1409 [2006/11/08 12:11:54, 5] rpc_parse/parse_net.c:init_q_auth_2(806) init_q_auth_2: 806 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_auth_2 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_log_info [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer: 00000001 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 0000000a [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 0000000a [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.E.S.K.U.E.L.L... [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 unistr2 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_max_len: 0000000a [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 offset : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c uni_str_len: 0000000a [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0030 buffer : W.A.R.T.H.O.L.E.$... 
[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0044 sec_chan: 0002 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000046 smb_io_unistr2 unistr2 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 uni_max_len: 00000009 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c offset : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 uni_str_len: 00000009 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0054 buffer : W.A.R.T.H.O.L.E... [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000066 smb_io_chal [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0066 data: 02 7e 0c 7d 8d 5d 3b 33 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 00006e net_io_neg_flags [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0070 neg_flags: 400701ff [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 008c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/11/08 12:11:54, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000074 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 000f [2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1003 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=222 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 140 (0x8C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 140 (0x8C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 4099 (0x1003) smb_bcc=155 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 8C 00 00 00 03 00 00 00 74 ........ .......t [020] 00 00 00 00 00 0F 00 01 00 00 00 0A 00 00 00 00 ........ ........ [030] 00 00 00 0A 00 00 00 5C 00 5C 00 45 00 53 00 4B .......\ .\.E.S.K [040] 00 55 00 45 00 4C 00 4C 00 00 00 0A 00 00 00 00 .U.E.L.L ........ [050] 00 00 00 0A 00 00 00 57 00 41 00 52 00 54 00 48 .......W .A.R.T.H [060] 00 4F 00 4C 00 45 00 24 00 00 00 02 00 00 00 09 .O.L.E.$ ........ [070] 00 00 00 00 00 00 00 09 00 00 00 57 00 41 00 52 ........ ...W.A.R [080] 00 54 00 48 00 4F 00 4C 00 45 00 00 00 02 7E 0C .T.H.O.L .E....~. [090] 7D 8D 5D 3B 33 00 00 FF 01 07 40 }.];3... 
..@ [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,226) [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,226) wrote 226 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 96 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 8C 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 DC AA 19 FB 55 DC 71 ........ .....U.q [020] 33 FF 01 00 40 00 00 00 00 3...@... . [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 8C 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 DC AA 19 FB 55 DC 71 ........ .....U.q [020] 33 FF 01 00 40 00 00 00 00 3...@... . 
[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0028 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000010 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 40 at offset 0 [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1003 returned 32 bytes. 
[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_auth_2 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0000 data: dc aa 19 fb 55 dc 71 33 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 net_io_neg_flags [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 neg_flags: 400001ff [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 000c status: NT_STATUS_OK [2006/11/08 12:11:54, 10] libsmb/credentials.c:creds_client_check(325) creds_client_check: credentials check OK. [2006/11/08 12:11:54, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(344) rpccli_netlogon_setup_creds: server ESKUELL credential chain established. [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,108) [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,108) wrote 108 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=9 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1024 (0x400) smb_vwv[ 3]= 272 (0x110) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) 
smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2040) Bind RPC Pipe[1004]: \NETLOGON auth_type 2, auth_level 6 [2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... [2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_auth_schannel_neg schannel_neg [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 type1: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 type2: 00000003 [2006/11/08 12:11:54, 6] lib/util.c:dump_data(2215) [000] 4C 41 42 2D 52 52 LAB-RR [2006/11/08 12:11:54, 6] lib/util.c:dump_data(2215) [000] 57 41 52 54 48 4F 4C 45 WARTHOLE [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0068 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0018 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c 
call_id : 00000004 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_contexts: 01 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c context_id : 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e num_transfer_syntaxes: 01 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 12345678 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1234 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : abcd [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : ef 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 01 23 45 67 cf fb [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000001 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 data : 8a885d04 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 data : 1ceb [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a data : 11c9 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003c data : 9f e8 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003e data : 08 00 2b 10 48 60 [2006/11/08 12:11:54, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 0044 version: 00000002 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_rpc_hdr_auth hdr_auth [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0048 auth_type : 44 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0049 auth_level : 06 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004a auth_pad_len : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004b auth_reserved: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c auth_context_id: 00000001 [2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1004 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=186 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 104 (0x68) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 4100 (0x1004) smb_bcc=119 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 68 00 18 00 04 00 00 00 B8 .......h ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 4C 41 42 2D 52 52 00 57 41 .......L AB-RR.WA [070] 52 54 48 4F 4C 45 00 RTHOLE. 
[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,190) [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,190) wrote 190 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 144 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 68 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 h....... .X...... [010] 00 B8 10 B8 10 36 79 06 00 0C 00 5C 50 49 50 45 .....6y. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 2C 1B 00 ......,. . [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 68 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 h....... .X...... [010] 00 B8 10 B8 10 36 79 06 00 0C 00 5C 50 49 50 45 .....6y. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ 
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 2C 1B 00 ......,. . [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0058 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 000c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 88 at offset 0 [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1004 returned 88 bytes. [2006/11/08 12:11:54, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2077) rpc_pipe_bind: Remote machine ESKUELL pipe \NETLOGON fnum 0x1004 bind request returned ok. 
[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0058 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 000c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00067936 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 len: 000c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a str: \PIPE\lsass. 
[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0028 num_results: 01 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002c result : 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002e reason : 0000 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 data : 8a885d04 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0034 data : 1ceb [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0036 data : 11c9 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0038 data : 9f e8 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003a data : 08 00 2b 10 48 60 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 version: 00000002 [2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2534) cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine ESKUELL for domain LAB-RR and bound using schannel. 
[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,45) [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,45) wrote 45 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=11 smt_wct=0 smb_bcc=0 [2006/11/08 12:11:54, 10] libsmb/clientgen.c:cli_rpc_pipe_close(383) cli_rpc_pipe_close: closed pipe \NETLOGON to machine ESKUELL [2006/11/08 12:11:54, 10] libsmb/namequery.c:saf_store(70) saf_store: domain = [LAB-RR], server = [ESKUELL], expire = [1162985214] [2006/11/08 12:11:54, 10] lib/gencache.c:gencache_set(128) Adding cache entry with key = SAF/DOMAIN/LAB-RR; value = ESKUELL and timeout = Wed Nov 8 12:26:54 2006 (900 seconds ahead) [2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_step(148) sequence = 0x4551bb7c [2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_step(150) seed: 027E0C7D8D5D3B33 [2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_step(155) seed+seq 7E395EC28D5D3B33 [2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_step(159) CLIENT E3E5FF5B291EC937 [2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_step(164) seed+seq+1 7F395EC28D5D3B33 [2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_step(168) SERVER 3C3BE4CF15D2A03E [2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_reseed(238) cred_reseed: seed 7F395EC28D5D3B33 [2006/11/08 12:11:54, 5] rpc_parse/parse_net.c:init_id_info2(1181) init_id_info2: 1181 [2006/11/08 12:11:54, 5] rpc_parse/parse_misc.c:init_logon_id(1588) make_logon_id: 1588 [2006/11/08 12:11:54, 5] rpc_parse/parse_net.c:init_sam_info(1275) init_sam_info: 1275 [2006/11/08 12:11:54, 5] rpc_parse/parse_misc.c:init_clnt_info2(1503) make_clnt_info: 1503 [2006/11/08 12:11:54, 5] 
rpc_parse/parse_misc.c:init_clnt_srv(1348) init_clnt_srv: 1348 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_sam_logon [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_sam_info [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_clnt_info2 [2006/11/08 12:11:54, 8] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_clnt_srv [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer : 00000001 [2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 0000000a [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 0000000a [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.E.S.K.U.E.L.L... [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 undoc_buffer2: 00000001 [2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_unistr2 unistr2 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 uni_max_len: 00000009 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c offset : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 uni_str_len: 00000009 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0034 buffer : W.A.R.T.H.O.L.E... 
[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 ptr_cred: 00000001 [2006/11/08 12:11:54, 8] rpc_parse/parse_prs.c:prs_debug(84) 00004c smb_io_cred [2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) 00004c smb_io_chal [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 004c data: e3 e5 ff 5b 29 1e c9 37 [2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) 000054 smb_io_utime [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 time: 4551bb7c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 ptr_rtn_cred : 00000001 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 00005c smb_io_cred [2006/11/08 12:11:54, 8] rpc_parse/parse_prs.c:prs_debug(84) 00005c smb_io_chal [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 005c data: 00 00 00 00 00 00 00 00 [2006/11/08 12:11:54, 8] rpc_parse/parse_prs.c:prs_debug(84) 000064 smb_io_utime [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 time: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0068 logon_level : 0002 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 00006a smb_io_sam_info_ctr logon_info [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006a switch_value : 0002 [2006/11/08 12:11:54, 8] rpc_parse/parse_prs.c:prs_debug(84) 00006c net_io_id_info2 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c ptr_id_info2: 00000001 [2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) 000070 smb_io_unihdr unihdr [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0070 uni_str_len: 000c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0072 uni_max_len: 000c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 buffer : 00000001 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0078 param_ctrl: 00000820 [2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) 00007c smb_io_logon_id 
[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c low : 0000dead [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0080 high: 0000beef [2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) 000084 smb_io_unihdr unihdr [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0084 uni_str_len: 000c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0086 uni_max_len: 000c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0088 buffer : 00000001 [2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) 00008c smb_io_unihdr unihdr [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 008c uni_str_len: 000e [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 008e uni_max_len: 000e [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0090 buffer : 00000001 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0094 lm_chal: 58 e8 63 9d ad dc 2e 70 [2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) 00009c smb_io_strhdr hdr_nt_chal_resp [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 009c str_str_len: 0018 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 009e str_max_len: 0018 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a0 buffer : 00000001 [2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000a4 smb_io_strhdr hdr_lm_chal_resp [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00a4 str_str_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00a6 str_max_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a8 buffer : 00000000 [2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000ac smb_io_unistr2 uni_domain_name [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ac uni_max_len: 00000006 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b0 offset : 00000000 [2006/11/08 12:11:54, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 00b4 uni_str_len: 00000006 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00b8 buffer : L.A.B.-.R.R. [2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000c4 smb_io_unistr2 uni_user_name [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c4 uni_max_len: 00000006 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c8 offset : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00cc uni_str_len: 00000006 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00d0 buffer : w.w.w.u.t.z. [2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000dc smb_io_unistr2 uni_wksta_name [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00dc uni_max_len: 00000007 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e0 offset : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e4 uni_str_len: 00000007 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00e8 buffer : \.\.W.A.L.D.I. 
[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000f6 smb_io_string2 nt_chal_resp [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f8 str_max_len: 00000018 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00fc offset : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0100 str_str_len: 00000018 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_string2(1096) 0104 buffer : ....,~....(....8|..*..gi [2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) 00011c smb_io_string2 - NULL lm_chal_resp [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 011c validation_level: 0003 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0160 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0020 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000011e [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0002 
[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000138 smb_io_rpc_hdr_auth hdr_auth [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0138 auth_type : 44 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0139 auth_level : 06 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013a auth_pad_len : 02 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013b auth_reserved: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 013c auth_context_id: 00000001 [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1356) add_schannel_auth_footer: SCHANNEL seq_num=0 [2006/11/08 12:11:54, 10] rpc_parse/parse_prs.c:schannel_encode(1633) SCHANNEL: schannel_encode seq_num=0 data_len=288 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000140 smb_io_rpc_auth_schannel_chk [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0140 sig : 77 00 7a 00 ff ff 00 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0148 seq_num: b7 be 64 e1 61 dc 94 d6 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0150 packet_digest: a8 ee a6 25 fc 09 13 89 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0158 confounder: e0 ec 47 22 05 1f a2 61 [2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1004 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=434 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 352 (0x160) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 352 (0x160) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 4100 
(0x1004) smb_bcc=367 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215)
[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,438) [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,438) wrote 438 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 456 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=456 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 400 (0x190) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 400 (0x190) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=401 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215)
[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=456 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 400 (0x190) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 400 (0x190) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=401 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215)
[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0190 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0020 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000150 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000168 smb_io_rpc_hdr_auth hdr_auth [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0168 auth_type : 44 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0169 auth_level : 06 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 016a auth_pad_len : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 016b auth_reserved: 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 016c auth_context_id: 00000001 [2006/11/08 12:11:54, 5]
rpc_parse/parse_prs.c:prs_debug(84) 000170 smb_io_rpc_auth_schannel_chk [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0170 sig : 77 00 7a 00 ff ff 00 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0178 seq_num: 76 39 f5 1b be 4f 25 a6 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0180 packet_digest: 6e 30 4d 74 89 7b 7c f2 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0188 confounder: 46 9b a5 06 58 14 ef 29 [2006/11/08 12:11:54, 10] rpc_parse/parse_prs.c:schannel_decode(1710) SCHANNEL: schannel_decode seq_num=1 data_len=336 [2006/11/08 12:11:54, 10] rpc_parse/parse_prs.c:schannel_decode(1730) SCHANNEL: schannel_decode seq_num=1 data_len=336 [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 400, data_len 336, ss_len 0 [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 400 at offset 0 [2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1004 returned 672 bytes. 
[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_sam_logon [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 buffer_creds: 0019306c [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_cred [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_chal [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0004 data: 3c 3b e4 cf 15 d2 a0 3e [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 00000c smb_io_utime [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c time: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 switch_value: 0003 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 net_io_user_info3 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 ptr_user_info : 0015aed8 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_time logon time [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 low : 6dc42ed0 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c high: 01c70314 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_time logoff time [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 low : ffffffff [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 high: 7fffffff [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_time kickoff time [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 low : ffffffff [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c high: 7fffffff [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_time last set time [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 low : e66ea200 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 high: 01bb61e6 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_time can change time 
[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 low : e66ea200 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c high: 01bb61e6 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000040 smb_io_time must change time [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 low : ffffffff [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 high: 7fffffff [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_unihdr hdr_user_name [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0048 uni_str_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 004a uni_max_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c buffer : 00000000 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_unihdr hdr_full_name [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0050 uni_str_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0052 uni_max_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 buffer : 00000000 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000058 smb_io_unihdr hdr_logon_script [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0058 uni_str_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 005a uni_max_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c buffer : 00000000 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000060 smb_io_unihdr hdr_profile_path [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0060 uni_str_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0062 uni_max_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 buffer : 00000000 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000068 smb_io_unihdr hdr_home_dir [2006/11/08 12:11:54, 5] 
rpc_parse/parse_prs.c:prs_uint16(675) 0068 uni_str_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006a uni_max_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c buffer : 00000000 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000070 smb_io_unihdr hdr_dir_drive [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0070 uni_str_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0072 uni_max_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 buffer : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0078 logon_count : 0419 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 007a bad_pw_count : 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c user_rid : 0000040d [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0080 group_rid : 00000417 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0084 num_groups : 00000002 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0088 buffer_groups : 0015afa4 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 008c user_flgs : 00000120 [2006/11/08 12:11:54, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) dump_user_flgs account has LOGON_EXTRA_SIDS account has LOGON_NTLMV2_ENABLED [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0090 user_sess_key: 9f 82 ad 73 b4 fb b2 71 c0 fa 7f 1e 52 0a 0d fb [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000a0 smb_io_unihdr hdr_logon_srv [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00a0 uni_str_len: 000e [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00a2 uni_max_len: 0010 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a4 buffer : 0015afcc [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000a8 smb_io_unihdr hdr_logon_dom [2006/11/08 12:11:54, 5] 
rpc_parse/parse_prs.c:prs_uint16(675) 00a8 uni_str_len: 000c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00aa uni_max_len: 000e [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ac buffer : 0015afdc [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b0 buffer_dom_id : 0015afb4 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 00b4 lm_sess_key: fd fb fe ec 48 07 41 1f [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00bc acct_flags : 00000000 [2006/11/08 12:11:54, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) dump_acct_flags [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c0 unkown: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c4 unkown: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c8 unkown: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00cc unkown: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d0 unkown: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d4 unkown: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d8 unkown: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00dc num_other_sids: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e0 buffer_other_sids: 00000000 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 - NULL uni_user_name [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 - NULL uni_full_name [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 - NULL uni_logon_script [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 - NULL uni_profile_path [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 - NULL uni_home_dir [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 
- NULL uni_dir_drive [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e4 num_groups2 : 00000002 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e8 smb_io_gid [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e8 g_rid: 00000201 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ec attr : 00000007 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000f0 smb_io_gid [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f0 g_rid: 00000417 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f4 attr : 00000007 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000f8 smb_io_unistr2 uni_logon_srv [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f8 uni_max_len: 00000008 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00fc offset : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0100 uni_str_len: 00000007 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0104 buffer : E.S.K.U.E.L.L. [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 000112 smb_io_unistr2 uni_logon_dom [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0114 uni_max_len: 00000007 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0118 offset : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 011c uni_str_len: 00000006 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0120 buffer : L.A.B.-.R.R. 
[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 00012c smb_io_dom_sid2 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 012c num_auths: 00000004 [2006/11/08 12:11:54, 8] rpc_parse/parse_prs.c:prs_debug(84) 000130 smb_io_dom_sid sid [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0130 sid_rev_num: 01 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0131 num_auths : 04 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0132 id_auth[0] : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0133 id_auth[1] : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0134 id_auth[2] : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0135 id_auth[3] : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0136 id_auth[4] : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0137 id_auth[5] : 05 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0138 sub_auths : 00000015 7b7e4147 61020126 26126b85 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0148 auth_resp : 00490001 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 014c status : NT_STATUS_OK [2006/11/08 12:11:54, 10] libsmb/credentials.c:creds_client_check(325) creds_client_check: credentials check OK. 
[2006/11/08 12:11:54, 10] passdb/secrets.c:secrets_named_mutex_release(791) secrets_named_mutex: released mutex for ESKUELL [2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user LAB-RR\wwwutz [2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is lab-rr\wwwutz [2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(82) Trying _Get_Pwnam(), username as given is LAB-RR\wwwutz [2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(92) Trying _Get_Pwnam(), username as uppercase is LAB-RR\WWWUTZ [2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(101) Checking combinations of 0 uppercase letters in lab-rr\wwwutz [2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(107) Get_Pwnam_internals didn't find user [LAB-RR\wwwutz]! [2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user wwwutz [2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is wwwutz [2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(107) Get_Pwnam_internals did find user [wwwutz]! 
[2006/11/08 12:11:54, 5] auth/auth_util.c:fill_sam_account(1532) fill_sam_account: located username was [wwwutz] [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_username(533) pdb_set_username: setting username wwwutz, was [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_fullname(602) pdb_set_full_name: setting full name Peter Marquardt,R031,1430,, was [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_domain(556) pdb_set_domain: setting domain WARTHOLE, was [2006/11/08 12:11:54, 4] lib/substitute.c:automount_server(407) Home server: warthole [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_profile_path(648) pdb_set_profile_path: setting profile path \\warthole\wwwutz\profile, was [2006/11/08 12:11:54, 4] lib/substitute.c:automount_server(407) Home server: warthole [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_homedir(695) pdb_set_homedir: setting home dir \\warthole\wwwutz, was [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(671) pdb_set_dir_drive: setting dir drive , was NULL [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_logon_script(625) pdb_set_logon_script: setting logon script , was [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_user_sid(462) pdb_set_user_sid: setting user sid S-1-5-21-3841262117-2652492237-290310771-1260 [2006/11/08 12:11:54, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3841262117-2652492237-290310771-1260 from rid 1260 [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_nt_username(579) pdb_set_nt_username: setting nt username wwwutz, was [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_username(533) pdb_set_username: setting username wwwutz, was wwwutz [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_domain(556) pdb_set_domain: setting domain LAB-RR, was WARTHOLE [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_user_sid(462) pdb_set_user_sid: setting user sid 
S-1-5-21-2071871815-1627521318-638741381-1037 [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_group_sid(520) pdb_set_group_sid: setting group sid S-1-5-21-3841262117-2652492237-290310771-513 [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_fullname(602) pdb_set_full_name: setting full name , was Peter Marquardt,R031,1430, [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_logon_script(625) pdb_set_logon_script: setting logon script , was [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_profile_path(648) pdb_set_profile_path: setting profile path , was \\warthole\wwwutz\profile [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_homedir(695) pdb_set_homedir: setting home dir , was \\warthole\wwwutz [2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(671) pdb_set_dir_drive: setting dir drive , was [2006/11/08 12:11:54, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(134) netsamlogon_cache_store: SID [S-1-5-21-2071871815-1627521318-638741381-1037] [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 timestamp: 4551bb7a [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) 000004 net_io_user_info3 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 ptr_user_info : 0015aed8 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_time logon time [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 low : 6dc42ed0 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c high: 01c70314 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_time logoff time [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 low : ffffffff [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 high: 7fffffff [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_time kickoff time [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 low : ffffffff [2006/11/08 12:11:54, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 001c high: 7fffffff [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_time last set time [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 low : e66ea200 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 high: 01bb61e6 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_time can change time [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 low : e66ea200 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c high: 01bb61e6 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_time must change time [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 low : ffffffff [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 high: 7fffffff [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_unihdr hdr_user_name [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 uni_str_len: 000e [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a uni_max_len: 000e [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c buffer : 00000001 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000040 smb_io_unihdr hdr_full_name [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0040 uni_str_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0042 uni_max_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 buffer : 00000000 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_unihdr hdr_logon_script [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0048 uni_str_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 004a uni_max_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c buffer : 00000000 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_unihdr 
hdr_profile_path [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0050 uni_str_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0052 uni_max_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 buffer : 00000000 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000058 smb_io_unihdr hdr_home_dir [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0058 uni_str_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 005a uni_max_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c buffer : 00000000 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000060 smb_io_unihdr hdr_dir_drive [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0060 uni_str_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0062 uni_max_len: 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 buffer : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0068 logon_count : 0419 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006a bad_pw_count : 0000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c user_rid : 0000040d [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0070 group_rid : 00000417 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 num_groups : 00000002 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0078 buffer_groups : 0015afa4 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c user_flgs : 00000120 [2006/11/08 12:11:54, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) dump_user_flgs account has LOGON_EXTRA_SIDS account has LOGON_NTLMV2_ENABLED [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0080 user_sess_key: 09 94 83 62 f1 7d 25 a6 3b 56 b0 b6 7b 29 b5 d2 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000090 smb_io_unihdr hdr_logon_srv [2006/11/08 
12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0090 uni_str_len: 000e [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0092 uni_max_len: 0010 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0094 buffer : 0015afcc [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000098 smb_io_unihdr hdr_logon_dom [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0098 uni_str_len: 000c [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) 009a uni_max_len: 000e [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 009c buffer : 0015afdc [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a0 buffer_dom_id : 0015afb4 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 00a4 lm_sess_key: 6b ed d0 fd 0d 81 d6 c8 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ac acct_flags : 00000000 [2006/11/08 12:11:54, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) dump_acct_flags [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b0 unkown: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b4 unkown: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b8 unkown: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00bc unkown: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c0 unkown: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c4 unkown: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c8 unkown: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00cc num_other_sids: 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d0 buffer_other_sids: 00000000 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000d4 smb_io_unistr2 uni_user_name [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d4 uni_max_len: 00000007 [2006/11/08 12:11:54, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 00d8 offset : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00dc uni_str_len: 00000007 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00e0 buffer : w.w.w.u.t.z... [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000ee smb_io_unistr2 - NULL uni_full_name [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000ee smb_io_unistr2 - NULL uni_logon_script [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000ee smb_io_unistr2 - NULL uni_profile_path [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000ee smb_io_unistr2 - NULL uni_home_dir [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000ee smb_io_unistr2 - NULL uni_dir_drive [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f0 num_groups2 : 00000002 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000f4 smb_io_gid [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f4 g_rid: 00000201 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f8 attr : 00000007 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000fc smb_io_gid [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00fc g_rid: 00000417 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0100 attr : 00000007 [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000104 smb_io_unistr2 uni_logon_srv [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0104 uni_max_len: 00000008 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0108 offset : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 010c uni_str_len: 00000007 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0110 buffer : E.S.K.U.E.L.L. 
[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 00011e smb_io_unistr2 uni_logon_dom [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0120 uni_max_len: 00000007 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0124 offset : 00000000 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0128 uni_str_len: 00000006 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 012c buffer : L.A.B.-.R.R. [2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) 000138 smb_io_dom_sid2 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0138 num_auths: 00000004 [2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) 00013c smb_io_dom_sid sid [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013c sid_rev_num: 01 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013d num_auths : 04 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013e id_auth[0] : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013f id_auth[1] : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0140 id_auth[2] : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0141 id_auth[3] : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0142 id_auth[4] : 00 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0143 id_auth[5] : 05 [2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0144 sub_auths : 00000015 7b7e4147 61020126 26126b85 [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,45) [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,45) wrote 45 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=13 
smt_wct=0 smb_bcc=0 [2006/11/08 12:11:54, 10] libsmb/clientgen.c:cli_rpc_pipe_close(383) cli_rpc_pipe_close: closed pipe \NETLOGON to machine ESKUELL [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,39) [2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,39) wrote 39 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=4096 smb_pid=12545 smb_uid=6144 smb_mid=14 smt_wct=0 smb_bcc=0 [2006/11/08 12:11:54, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: winbind authentication for user [wwwutz] succeeded [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 5] auth/auth.c:check_ntlm_password(295) check_ntlm_password: PAM Account for user [wwwutz] succeeded [2006/11/08 12:11:54, 2] auth/auth.c:check_ntlm_password(304) check_ntlm_password: authentication for user [wwwutz] -> [wwwutz] -> [wwwutz] succeeded [2006/11/08 12:11:54, 5] auth/auth_util.c:free_user_info(1866) attempting to free (and zero) a user_info structure [2006/11/08 12:11:54, 10] auth/auth_util.c:free_user_info(1869) structure was created for wwwutz [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:lookup_name(63) 
lookup_name: WARTHOLE\wwwutz => WARTHOLE (domain), wwwutz (name) [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:54, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) getsampwnam (smbpasswd): search by name: wwwutz [2006/11/08 12:11:54, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd [2006/11/08 12:11:54, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) getsmbfilepwent: end of file reached. [2006/11/08 12:11:54, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file. 
[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix User\wwwutz => Unix User (domain), wwwutz (name) [2006/11/08 12:11:54, 10] lib/util_pw.c:getpwnam_alloc(76) Got wwwutz from pwnam_cache [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_uid(1209) sid_to_uid: S-1-22-1-130 -> 130 [2006/11/08 12:11:54, 10] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [wwwutz] [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 15 -> S-1-22-2-15 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 12003 -> S-1-22-2-12003 [2006/11/08 
12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 121 -> S-1-22-2-121 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 20 -> S-1-22-2-20 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 209 -> S-1-22-2-209 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 263 -> S-1-22-2-263 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 219 -> S-1-22-2-219 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 352 -> S-1-22-2-352 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 0 -> S-1-22-2-0 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 257 -> S-1-22-2-257 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 1000 -> S-1-22-2-1000 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 369 -> S-1-22-2-369 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 154 -> S-1-22-2-154 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 400 -> S-1-22-2-400 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 5000 -> S-1-22-2-5000 [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-1-130] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-15] [2006/11/08 12:11:54, 5] lib/privileges.c:get_privileges_for_sids(458) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-2] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-11] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) 
get_privileges: No privileges assigned to SID [S-1-22-2-12003] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-121] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-20] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-209] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-263] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-219] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-352] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-0] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-257] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-1000] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-369] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-154] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-400] [2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-5000] [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-15 -> 15 [2006/11/08 12:11:54, 10] auth/auth_util.c:create_local_token(1022) Could not convert SID S-1-1-0 to gid, ignoring it [2006/11/08 12:11:54, 10] auth/auth_util.c:create_local_token(1022) Could not convert SID S-1-5-2 to gid, ignoring it 
[2006/11/08 12:11:54, 10] auth/auth_util.c:create_local_token(1022) Could not convert SID S-1-5-11 to gid, ignoring it [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-12003 -> 12003 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-121 -> 121 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-20 -> 20 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-209 -> 209 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-263 -> 263 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-219 -> 219 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-352 -> 352 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-0 -> 0 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-257 -> 257 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-1000 -> 1000 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-369 -> 369 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-154 -> 154 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-400 -> 400 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-5000 -> 5000 [2006/11/08 12:11:54, 10] auth/auth_util.c:debug_nt_user_token(452) NT user token of user S-1-22-1-130 contains 19 SIDs SID[ 0]: S-1-22-1-130 SID[ 1]: S-1-22-2-15 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-12003 SID[ 6]: S-1-22-2-121 SID[ 7]: S-1-22-2-20 SID[ 8]: S-1-22-2-209 SID[ 9]: S-1-22-2-263 SID[ 10]: S-1-22-2-219 SID[ 11]: S-1-22-2-352 SID[ 12]: S-1-22-2-0 SID[ 13]: S-1-22-2-257 SID[ 14]: S-1-22-2-1000 SID[ 15]: S-1-22-2-369 SID[ 16]: S-1-22-2-154 SID[ 17]: S-1-22-2-400 SID[ 18]: S-1-22-2-5000 SE_PRIV 0x0 0x0 
0x0 0x0 [2006/11/08 12:11:54, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(132) Got NT session key of length 16 [2006/11/08 12:11:54, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(139) Got LM session key of length 8 [2006/11/08 12:11:54, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(738) ntlmssp_server_auth: Created NTLM2 session key. [2006/11/08 12:11:54, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2006/11/08 12:11:54, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe0088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2006/11/08 12:11:54, 10] smbd/password.c:register_vuid(185) register_vuid: allocated vuid = 101 [2006/11/08 12:11:54, 10] lib/util_pw.c:getpwnam_alloc(76) Got wwwutz from pwnam_cache [2006/11/08 12:11:54, 10] smbd/password.c:register_vuid(273) register_vuid: (130,15) wwwutz wwwutz LAB-RR guest=0 [2006/11/08 12:11:54, 3] smbd/password.c:register_vuid(279) User name: wwwutz Real name: [2006/11/08 12:11:54, 3] smbd/password.c:register_vuid(300) UNIX uid 130 is UNIX user wwwutz, and will be vuid 101 [2006/11/08 12:11:54, 7] param/loadparm.c:lp_servicenumber(5112) lp_servicenumber: couldn't find wwwutz [2006/11/08 12:11:54, 3] smbd/password.c:register_vuid(330) Adding homes service for user 'wwwutz' using home directory: '/home/wwwutz' [2006/11/08 12:11:54, 8] param/loadparm.c:add_a_service(2494) add_a_service: Creating snum = 346 for wwwutz [2006/11/08 12:11:54, 10] param/loadparm.c:hash_a_service(2541) hash_a_service: hashing index 346 for service name wwwutz [2006/11/08 12:11:54, 3] param/loadparm.c:lp_add_home(2587) adding home's share [wwwutz] for user 'wwwutz' at '/home/wwwutz' [2006/11/08 12:11:54, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file 
/usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=104 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=20160 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=61 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 33 00 63 00 00 00 4C ...0...2 .3.c...L [030] 00 41 00 42 00 2D 00 52 00 52 00 00 00 .A.B.-.R .R... 
[2006/11/08 12:11:54, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: 60 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 82 [2006/11/08 12:11:54, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x52 [2006/11/08 12:11:54, 3] smbd/process.c:process_smb(1110) Transaction 3 of length 86 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=82 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=20224 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 82 (0x52) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=39 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 5C 00 57 00 41 00 52 00 54 00 48 00 4F .\.\.W.A .R.T.H.O [010] 00 4C 00 45 00 5C 00 49 00 50 00 43 00 24 00 00 .L.E.\.I .P.C.$.. [020] 00 3F 3F 3F 3F 3F 00 .?????. [2006/11/08 12:11:54, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 12545) conn 0x0 [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:54, 5] smbd/uid.c:change_to_root_user(274) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 12:11:54, 4] smbd/reply.c:reply_tcon_and_X(668) Client requested device type [?????] 
for share [IPC$] [2006/11/08 12:11:54, 5] smbd/service.c:make_connection(1116) making a connection to 'normal' service ipc$ [2006/11/08 12:11:54, 10] smbd/share_access.c:user_ok_token(224) user_ok_token: share IPC$ is ok for unix user wwwutz [2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user wwwutz [2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is wwwutz [2006/11/08 12:11:54, 10] lib/util_pw.c:getpwnam_alloc(76) Got wwwutz from pwnam_cache [2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(107) Get_Pwnam_internals did find user [wwwutz]! [2006/11/08 12:11:54, 10] smbd/service.c:set_conn_connectpath(121) set_conn_connectpath: service IPC$, connectpath = /tmp [2006/11/08 12:11:54, 3] smbd/service.c:make_connection_snum(751) Connect path is '/tmp' for service [IPC$] [2006/11/08 12:11:54, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2006/11/08 12:11:54, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2006/11/08 12:11:54, 10] lib/util_seaccess.c:se_access_check(231) se_access_check: requested access 0x00000002, for NT token with 19 entries and first sid S-1-22-1-130. 
[2006/11/08 12:11:54, 3] lib/util_seaccess.c:se_access_check(250) [2006/11/08 12:11:54, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-130 se_access_check: also S-1-22-2-15 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-12003 se_access_check: also S-1-22-2-121 se_access_check: also S-1-22-2-20 se_access_check: also S-1-22-2-209 se_access_check: also S-1-22-2-263 se_access_check: also S-1-22-2-219 se_access_check: also S-1-22-2-352 se_access_check: also S-1-22-2-0 se_access_check: also S-1-22-2-257 se_access_check: also S-1-22-2-1000 se_access_check: also S-1-22-2-369 se_access_check: also S-1-22-2-154 se_access_check: also S-1-22-2-400 se_access_check: also S-1-22-2-5000 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2006/11/08 12:11:54, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2006/11/08 12:11:54, 3] smbd/vfs.c:vfs_init_default(219) Initialising default vfs hooks [2006/11/08 12:11:54, 5] smbd/connection.c:claim_connection(170) claiming IPC$ 0 [2006/11/08 12:11:54, 10] smbd/share_access.c:user_ok_token(224) user_ok_token: share IPC$ is ok for unix user wwwutz [2006/11/08 12:11:54, 10] smbd/share_access.c:is_share_read_only_for_token(265) is_share_read_only_for_user: share IPC$ is read-only for unix user wwwutz [2006/11/08 12:11:54, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2006/11/08 12:11:54, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2006/11/08 12:11:54, 10] lib/util_seaccess.c:se_access_check(231) se_access_check: requested access 0x00000001, for NT token with 19 entries and first sid S-1-22-1-130. 
[2006/11/08 12:11:54, 3] lib/util_seaccess.c:se_access_check(250) [2006/11/08 12:11:54, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-130 se_access_check: also S-1-22-2-15 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-12003 se_access_check: also S-1-22-2-121 se_access_check: also S-1-22-2-20 se_access_check: also S-1-22-2-209 se_access_check: also S-1-22-2-263 se_access_check: also S-1-22-2-219 se_access_check: also S-1-22-2-352 se_access_check: also S-1-22-2-0 se_access_check: also S-1-22-2-257 se_access_check: also S-1-22-2-1000 se_access_check: also S-1-22-2-369 se_access_check: also S-1-22-2-154 se_access_check: also S-1-22-2-400 se_access_check: also S-1-22-2-5000 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2006/11/08 12:11:54, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (130, 15) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token of user S-1-22-1-130 contains 19 SIDs SID[ 0]: S-1-22-1-130 SID[ 1]: S-1-22-2-15 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-12003 SID[ 6]: S-1-22-2-121 SID[ 7]: S-1-22-2-20 SID[ 8]: S-1-22-2-209 SID[ 9]: S-1-22-2-263 SID[ 10]: S-1-22-2-219 SID[ 11]: S-1-22-2-352 SID[ 12]: S-1-22-2-0 SID[ 13]: S-1-22-2-257 SID[ 14]: S-1-22-2-1000 SID[ 15]: S-1-22-2-369 SID[ 16]: S-1-22-2-154 SID[ 17]: S-1-22-2-400 SID[ 18]: S-1-22-2-5000 SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 130 Primary group is 15 and contains 15 supplementary groups Group[ 0]: 15 Group[ 1]: 12003 Group[ 2]: 121 Group[ 3]: 20 Group[ 4]: 209 Group[ 5]: 263 Group[ 6]: 219 Group[ 7]: 352 Group[ 8]: 0 Group[ 9]: 257 Group[ 10]: 1000 Group[ 11]: 369 Group[ 12]: 154 
Group[ 13]: 400 Group[ 14]: 5000 [2006/11/08 12:11:54, 5] smbd/uid.c:change_to_user(259) change_to_user uid=(0,130) gid=(0,15) [2006/11/08 12:11:54, 3] smbd/service.c:make_connection_snum(941) waldi (141.14.22.101) connect to service IPC$ initially as user wwwutz (uid=130, gid=15) (pid 12545) [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:54, 5] smbd/uid.c:change_to_root_user(274) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 12:11:54, 2] smbd/reply.c:reply_tcon_and_X(711) Serving IPC$ as a Dfs root [2006/11/08 12:11:54, 3] smbd/reply.c:reply_tcon_and_X(715) tconX service=IPC$ [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=20224 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3 (0x3) smb_bcc=7 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 49 50 43 00 00 00 00 IPC.... 
[2006/11/08 12:11:54, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: 60 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116 [2006/11/08 12:11:54, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x74 [2006/11/08 12:11:54, 3] smbd/process.c:process_smb(1110) Transaction 4 of length 120 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2844 smb_uid=101 smb_mid=20288 smt_wct=15 smb_vwv[ 0]= 48 (0x30) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 48 (0x30) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 16 (0x10) smb_bcc=51 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 00 00 00 03 00 5C 00 77 00 61 00 72 00 74 00 68 .....\.w .a.r.t.h [010] 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 6D 00 65 .o.l.e.\ .m.a.m.e [020] 00 70 00 69 00 6D 00 61 00 67 00 65 00 73 00 5C .p.i.m.a .g.e.s.\ [030] 00 00 00 ... 
[2006/11/08 12:11:54, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 12545) conn 0x14028a050 [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (130, 15) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token of user S-1-22-1-130 contains 19 SIDs SID[ 0]: S-1-22-1-130 SID[ 1]: S-1-22-2-15 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-12003 SID[ 6]: S-1-22-2-121 SID[ 7]: S-1-22-2-20 SID[ 8]: S-1-22-2-209 SID[ 9]: S-1-22-2-263 SID[ 10]: S-1-22-2-219 SID[ 11]: S-1-22-2-352 SID[ 12]: S-1-22-2-0 SID[ 13]: S-1-22-2-257 SID[ 14]: S-1-22-2-1000 SID[ 15]: S-1-22-2-369 SID[ 16]: S-1-22-2-154 SID[ 17]: S-1-22-2-400 SID[ 18]: S-1-22-2-5000 SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 130 Primary group is 15 and contains 15 supplementary groups Group[ 0]: 15 Group[ 1]: 12003 Group[ 2]: 121 Group[ 3]: 20 Group[ 4]: 209 Group[ 5]: 263 Group[ 6]: 219 Group[ 7]: 352 Group[ 8]: 0 Group[ 9]: 257 Group[ 10]: 1000 Group[ 11]: 369 Group[ 12]: 154 Group[ 13]: 400 Group[ 14]: 5000 [2006/11/08 12:11:54, 5] smbd/uid.c:change_to_user(259) change_to_user uid=(0,130) gid=(0,15) [2006/11/08 12:11:54, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /tmp [2006/11/08 12:11:54, 10] smbd/trans2.c:call_trans2getdfsreferral(4932) call_trans2getdfsreferral [2006/11/08 12:11:54, 10] smbd/msdfs.c:parse_dfs_path(44) temp in parse_dfs_path: .warthole\mamepimages. after trimming \'s [2006/11/08 12:11:54, 10] smbd/msdfs.c:parse_dfs_path(54) parse_dfs_path: hostname: warthole [2006/11/08 12:11:54, 10] smbd/msdfs.c:setup_dfs_referral(834) max_referral_level :3 [2006/11/08 12:11:54, 10] smbd/msdfs.c:setup_ver3_dfs_referral(711) setting up version3 referral [2006/11/08 12:11:54, 10] smbd/msdfs.c:setup_ver3_dfs_referral(715) [2006/11/08 12:11:54, 0] lib/util.c:dump_data(2215) [000] 5C 00 77 00 61 00 72 00 74 00 68 00 6F 00 6C 00 \.w.a.r. 
t.h.o.l. [010] 65 00 5C 00 6D 00 61 00 6D 00 65 00 70 00 69 00 e.\.m.a. m.e.p.i. [020] 6D 00 61 00 67 00 65 00 73 00 5C 00 00 00 m.a.g.e. s.\... [2006/11/08 12:11:54, 10] smbd/msdfs.c:setup_ver3_dfs_referral(724) referral 0 : \warthole\mamepimages\ [2006/11/08 12:11:54, 10] smbd/msdfs.c:setup_dfs_referral(854) DFS Referral pdata: [2006/11/08 12:11:54, 0] lib/util.c:dump_data(2215) [000] 2C 00 01 00 03 00 00 00 03 00 22 00 01 00 00 00 ,....... .."..... [010] 58 02 00 00 22 00 50 00 7E 00 00 00 00 00 00 00 X...".P. ~....... [020] 00 00 00 00 00 00 00 00 00 00 5C 00 77 00 61 00 ........ ..\.w.a. [030] 72 00 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 r.t.h.o. l.e.\.m. [040] 61 00 6D 00 65 00 70 00 69 00 6D 00 61 00 67 00 a.m.e.p. i.m.a.g. [050] 65 00 73 00 5C 00 00 00 5C 00 77 00 61 00 72 00 e.s.\... \.w.a.r. [060] 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 t.h.o.l. e.\.m.a. [070] 6D 00 65 00 70 00 69 00 6D 00 61 00 67 00 65 00 m.e.p.i. m.a.g.e. [080] 73 00 5C 00 00 00 5C 00 77 00 61 00 72 00 74 00 s.\...\. w.a.r.t. [090] 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 6D 00 h.o.l.e. \.m.a.m. [0A0] 65 00 70 00 69 00 6D 00 61 00 67 00 65 00 73 00 e.p.i.m. a.g.e.s. [0B0] 5C 00 00 00 \... 
[2006/11/08 12:11:54, 9] smbd/trans2.c:send_trans2_replies(689) t2_rep: params_sent_thistime = 0, data_sent_thistime = 180, useable_space = 131012 [2006/11/08 12:11:54, 9] smbd/trans2.c:send_trans2_replies(691) t2_rep: params_to_send = 0, data_to_send = 180, paramsize = 0, datasize = 180 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=236 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55361 smb_tid=1 smb_pid=2844 smb_uid=101 smb_mid=20288 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 180 (0xB4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 180 (0xB4) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=181 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 00 2C 00 01 00 03 00 00 00 03 00 22 00 01 00 00 .,...... ...".... [010] 00 58 02 00 00 22 00 50 00 7E 00 00 00 00 00 00 .X...".P .~...... [020] 00 00 00 00 00 00 00 00 00 00 00 5C 00 77 00 61 ........ ...\.w.a [030] 00 72 00 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D .r.t.h.o .l.e.\.m [040] 00 61 00 6D 00 65 00 70 00 69 00 6D 00 61 00 67 .a.m.e.p .i.m.a.g [050] 00 65 00 73 00 5C 00 00 00 5C 00 77 00 61 00 72 .e.s.\.. .\.w.a.r [060] 00 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 .t.h.o.l .e.\.m.a [070] 00 6D 00 65 00 70 00 69 00 6D 00 61 00 67 00 65 .m.e.p.i .m.a.g.e [080] 00 73 00 5C 00 00 00 5C 00 77 00 61 00 72 00 74 .s.\...\ .w.a.r.t [090] 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 6D .h.o.l.e .\.m.a.m [0A0] 00 65 00 70 00 69 00 6D 00 61 00 67 00 65 00 73 .e.p.i.m .a.g.e.s [0B0] 00 5C 00 00 00 .\... 
[2006/11/08 12:11:54, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: 60 [2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 96 [2006/11/08 12:11:54, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x60 [2006/11/08 12:11:54, 3] smbd/process.c:process_smb(1110) Transaction 5 of length 100 [2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) size=96 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=20352 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=53 [2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 5C 00 57 00 41 00 52 00 54 00 48 00 4F .\.\.W.A .R.T.H.O [010] 00 4C 00 45 00 5C 00 4D 00 41 00 4D 00 45 00 50 .L.E.\.M .A.M.E.P [020] 00 49 00 4D 00 41 00 47 00 45 00 53 00 00 00 3F .I.M.A.G .E.S...? [030] 3F 3F 3F 3F 00 ????. [2006/11/08 12:11:54, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 12545) conn 0x0 [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:54, 5] smbd/uid.c:change_to_root_user(274) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 12:11:54, 4] smbd/reply.c:reply_tcon_and_X(668) Client requested device type [?????] 
for share [MAMEPIMAGES] [2006/11/08 12:11:54, 5] smbd/service.c:make_connection(1116) making a connection to 'normal' service mamepimages [2006/11/08 12:11:54, 10] smbd/share_access.c:user_ok_token(224) user_ok_token: share mamepimages is ok for unix user wwwutz [2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user wwwutz [2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is wwwutz [2006/11/08 12:11:54, 10] lib/util_pw.c:getpwnam_alloc(76) Got wwwutz from pwnam_cache [2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(107) Get_Pwnam_internals did find user [wwwutz]! [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name) [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:54, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) getsampwnam (smbpasswd): search by name: imgdata [2006/11/08 12:11:54, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd [2006/11/08 12:11:54, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) getsmbfilepwent: end of file reached. [2006/11/08 12:11:54, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file. 
[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name) [2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_uid(1209) sid_to_uid: S-1-22-1-1087 -> 1087 [2006/11/08 12:11:54, 10] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [imgdata] [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:55, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:55, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 372 -> S-1-22-2-372 [2006/11/08 12:11:55, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 392 -> S-1-22-2-392 [2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges 
assigned to SID [S-1-22-1-1087] [2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-372] [2006/11/08 12:11:55, 5] lib/privileges.c:get_privileges_for_sids(458) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-2] [2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-11] [2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-392] [2006/11/08 12:11:55, 3] smbd/service.c:make_connection_snum(672) Forced user imgdata [2006/11/08 12:11:55, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: WARTHOLE\abt_her => WARTHOLE (domain), abt_her (name) [2006/11/08 12:11:55, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:55, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:55, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:55, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:55, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:55, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:55, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix Group\abt_her => Unix Group (domain), abt_her (name) [2006/11/08 12:11:55, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-9000 -> 9000 [2006/11/08 12:11:55, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name) [2006/11/08 12:11:55, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:55, 3] 
smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:55, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:55, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:55, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:55, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) getsampwnam (smbpasswd): search by name: imgdata [2006/11/08 12:11:55, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd [2006/11/08 12:11:55, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) getsmbfilepwent: end of file reached. [2006/11/08 12:11:55, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file. [2006/11/08 12:11:55, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:55, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:55, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:55, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:55, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:55, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:55, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:55, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name) [2006/11/08 12:11:55, 10] lib/util_pw.c:getpwnam_alloc(76) Got imgdata from pwnam_cache [2006/11/08 12:11:55, 10] passdb/lookup_sid.c:sid_to_uid(1209) sid_to_uid: S-1-22-1-1087 -> 1087 [2006/11/08 12:11:55, 10] 
lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [imgdata] [2006/11/08 12:11:55, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:55, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:55, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:55, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:55, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:55, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:55, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 372 -> S-1-22-2-372 [2006/11/08 12:11:55, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 392 -> S-1-22-2-392 [2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-1-1087] [2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-372] [2006/11/08 12:11:55, 5] lib/privileges.c:get_privileges_for_sids(458) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-2] [2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-11] [2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-392] [2006/11/08 12:11:55, 10] smbd/service.c:make_connection_snum(736) Could not convert SID S-1-22-1-1087 to gid, ignoring it [2006/11/08 12:11:55, 0] lib/fault.c:fault_report(41) =============================================================== [2006/11/08 12:11:55, 0] lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 11 in pid 
12545 (3.0.23c) Please read the Trouble-Shooting section of the Samba3-HOWTO [2006/11/08 12:11:55, 0] lib/fault.c:fault_report(44) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2006/11/08 12:11:55, 0] lib/fault.c:fault_report(45) =============================================================== [2006/11/08 12:11:55, 0] lib/util.c:smb_panic(1591) PANIC (pid 12545): internal error [2006/11/08 12:11:55, 0] lib/util.c:log_stack_trace(1749) unable to produce a stack trace on this platform [2006/11/08 12:11:55, 0] lib/fault.c:dump_core(173) dumping core in /var/samba/cores/smbd [2006/11/08 12:11:56, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006 [2006/11/08 12:11:56, 5] auth/auth_util.c:make_user_info_map(160) make_user_info_map: Mapping user [lab-rr]\[wwwutz] from workstation [WALDI] [2006/11/08 12:11:56, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = TDOMCACHE/TIMESTAMP, value = 1162983779, timeout = Wed Nov 8 12:12:59 2006 [2006/11/08 12:11:56, 10] libsmb/trustdom_cache.c:update_trustdom_cache(326) update_trustdom_cache: not time to update trustdom_cache yet [2006/11/08 12:11:56, 10] lib/gencache.c:gencache_get(312) Cache entry with key = TDOM/LAB-RR couldn't be found [2006/11/08 12:11:56, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain lab-rr found. 
[2006/11/08 12:11:56, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for wwwutz (wwwutz) [2006/11/08 12:11:56, 5] auth/auth_util.c:make_user_info(85) making strings for wwwutz's user_info struct [2006/11/08 12:11:56, 5] auth/auth_util.c:make_user_info(117) making blobs for wwwutz's user_info struct [2006/11/08 12:11:56, 10] auth/auth_util.c:make_user_info(135) made an encrypted user_info for wwwutz (wwwutz) [2006/11/08 12:11:56, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [lab-rr]\[wwwutz]@[WALDI] with the new password interface [2006/11/08 12:11:56, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [LAB-RR]\[wwwutz]@[WALDI] [2006/11/08 12:11:56, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2006/11/08 12:11:56, 10] auth/auth.c:check_ntlm_password(235) challenge is: [2006/11/08 12:11:56, 5] lib/util.c:dump_data(2215) [000] 24 52 BA 5C 68 14 1A EC $R.\h... 
[2006/11/08 12:11:56, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: guest had nothing to say [2006/11/08 12:11:56, 8] lib/util.c:is_myname(2036) is_myname("LAB-RR") returns 0 [2006/11/08 12:11:56, 6] auth/auth_sam.c:check_samstrict_security(412) check_samstrict_security: LAB-RR is not one of my local names (ROLE_DOMAIN_MEMBER) [2006/11/08 12:11:56, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: sam had nothing to say [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 8] libsmb/namequery.c:get_sorted_dc_list(1550) get_sorted_dc_list: attempting lookup using [lmhosts wins host bcast] [2006/11/08 12:11:56, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = SAF/DOMAIN/LAB-RR, value = ESKUELL, timeout = Wed Nov 8 12:26:54 2006 [2006/11/08 12:11:56, 5] libsmb/namequery.c:saf_fetch(107) saf_fetch: Returning "ESKUELL" for "LAB-RR" domain [2006/11/08 12:11:56, 3] libsmb/namequery.c:get_dc_list(1426) get_dc_list: preferred server list: "ESKUELL, *" [2006/11/08 12:11:56, 10] libsmb/namequery.c:internal_resolve_name(1132) internal_resolve_name: looking up LAB-RR#1c [2006/11/08 12:11:56, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = NBT/LAB-RR#1C, value = 141.14.16.97:0,141.14.17.120:0,141.14.17.130:0,141.14.19.244:0, timeout = Wed Nov 8 12:13:59 2006 [2006/11/08 12:11:56, 5] 
libsmb/namecache.c:namecache_fetch(201) name LAB-RR#1C found. [2006/11/08 12:11:56, 8] libsmb/namequery.c:get_dc_list(1441) Adding 4 DC's from auto lookup [2006/11/08 12:11:56, 10] libsmb/namequery.c:internal_resolve_name(1132) internal_resolve_name: looking up ESKUELL#20 [2006/11/08 12:11:56, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = NBT/ESKUELL#20, value = 141.14.16.97:0, timeout = Wed Nov 8 12:13:59 2006 [2006/11/08 12:11:56, 5] libsmb/namecache.c:namecache_fetch(201) name ESKUELL#20 found. [2006/11/08 12:11:56, 10] libsmb/namequery.c:remove_duplicate_addrs2(408) remove_duplicate_addrs2: looking for duplicate address/port pairs [2006/11/08 12:11:56, 4] libsmb/namequery.c:get_dc_list(1528) get_dc_list: returning 4 ip addresses in an ordered list [2006/11/08 12:11:56, 4] libsmb/namequery.c:get_dc_list(1530) get_dc_list: 141.14.16.97:0 141.14.17.120:0 141.14.17.130:0 141.14.19.244:0 [2006/11/08 12:11:56, 10] libsmb/namequery.c:name_status_find(275) name_status_find: looking up LAB-RR#1c at 141.14.16.97 [2006/11/08 12:11:56, 10] lib/gencache.c:gencache_get(312) Cache entry with key = NBT/LAB-RR#1C.20.141.14.16.97 couldn't be found [2006/11/08 12:11:56, 5] libsmb/namecache.c:namecache_status_fetch(308) namecache_status_fetch: no entry for NBT/LAB-RR#1C.20.141.14.16.97 found. 
[2006/11/08 12:11:56, 10] lib/gencache.c:gencache_del(218) Deleting cache entry (key = NBT/LAB-RR#1C.20.141.14.16.97) [2006/11/08 12:11:56, 10] lib/util_sock.c:open_socket_in(839) bind succeeded on port 0 [2006/11/08 12:11:56, 5] libsmb/nmblib.c:send_udp(776) Sending a packet of len 50 to (141.14.16.97) on port 137 [2006/11/08 12:11:56, 10] lib/util_sock.c:read_udp_socket(293) read_udp_socket: lastip 141.14.16.97 lastport 137 read: 301 [2006/11/08 12:11:56, 10] libsmb/nmblib.c:parse_nmb(506) parse_nmb: packet id = 19406 [2006/11/08 12:11:56, 5] libsmb/nmblib.c:read_packet(754) Received a packet of len 301 from (141.14.16.97) port 137 [2006/11/08 12:11:56, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from 141.14.16.97(137) header: id=19406 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=LAB-RR<1c> rr_type=33 rr_class=1 ttl=0 answers 0 char .ESKUELL hex 0A45534B55454C4C2020202020202020 answers 10 char .D.LAB-RR hex 0044004C41422D525220202020202020 answers 20 char ...LAB-RR hex 202000C4004C41422D52522020202020 answers 30 char ...ESKUELL hex 202020201CC40045534B55454C4C2020 answers 40 char D.LAB-RR hex 2020202020202044004C41422D525220 answers 50 char .D.ESKUE hex 20202020202020201B440045534B5545 answers 60 char LL .D.ADM hex 4C4C202020202020202003440041444D answers 70 char INISTRATOR .D.L hex 494E4953545241544F5220200344004C answers 80 char AB-RR .. hex 41422D52522020202020202020201EC4 answers 90 char .LAB-RR hex 004C41422D5252202020202020202020 answers a0 char .D...__MSBROWSE_ hex 1D440001025F5F4D5342524F5753455F answers b0 char _........]...... hex 5F0201C4000000F8025D840000000000 answers c0 char ................ hex 00000000000000000000000000000000 answers d0 char ................ hex 00000000000000000000000000000000 answers e0 char ... 
hex 000000 [2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) ESKUELL#00: flags = 0x44 [2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#00: flags = 0xc4 [2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1c: flags = 0xc4 [2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) ESKUELL#20: flags = 0x44 [2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1b: flags = 0x44 [2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) ESKUELL#03: flags = 0x44 [2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) ADMINISTRATOR#03: flags = 0x44 [2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1e: flags = 0xc4 [2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1d: flags = 0x44 [2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) __MSBROWSE__#01: flags = 0xc4 [2006/11/08 12:11:56, 10] libsmb/namequery.c:name_status_find(315) name_status_find: name found, name ESKUELL ip address is 141.14.16.97 [2006/11/08 12:11:56, 3] libsmb/namequery_dc.c:rpc_dc_name(116) rpc_dc_name: Returning DC ESKUELL (141.14.16.97) for domain LAB-RR [2006/11/08 12:11:56, 10] passdb/secrets.c:secrets_named_mutex(779) secrets_named_mutex: got mutex for ESKUELL [2006/11/08 12:11:56, 3] libsmb/cliconnect.c:cli_start_connection(1417) Connecting to host=ESKUELL [2006/11/08 12:11:56, 3] lib/util_sock.c:open_socket_out(874) Connecting to 141.14.16.97 at port 445 [2006/11/08 12:11:56, 2] lib/util_sock.c:open_socket_out(910) error connecting to 141.14.16.97:445 (Connection refused) [2006/11/08 12:11:56, 3] lib/util_sock.c:open_socket_out(874) Connecting to 141.14.16.97 at port 139 [2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 0 [2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 0 [2006/11/08 12:11:56, 5] 
lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 4 [2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 8 [2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEPORT = 0 [2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 33580 [2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 33580 [2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1460 [2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,72) [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,72) wrote 72 [2006/11/08 12:11:56, 5] libsmb/cliconnect.c:cli_session_request(1262) Sent session request [2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 0 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 [2006/11/08 12:11:56, 6] 
libsmb/clientgen.c:write_socket(132) write_socket(17,183) [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,183) wrote 183 [2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 91 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=91 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=16040 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=65283 (0xFF03) smb_vwv[ 2]= 257 (0x101) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 17 (0x11) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 67 (0x43) smb_vwv[11]=16384 (0x4000) smb_vwv[12]=51427 (0xC8E3) smb_vwv[13]= 9949 (0x26DD) smb_vwv[14]=50947 (0xC703) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 2303 (0x8FF) smb_bcc=22 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 12 B5 69 8A B5 5D 6A F2 4C 00 41 00 42 00 2D 00 ..i..]j. L.A.B.-. [010] 52 00 52 00 00 00 R.R... [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=91 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=16040 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=65283 (0xFF03) smb_vwv[ 2]= 257 (0x101) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 17 (0x11) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 67 (0x43) smb_vwv[11]=16384 (0x4000) smb_vwv[12]=51427 (0xC8E3) smb_vwv[13]= 9949 (0x26DD) smb_vwv[14]=50947 (0xC703) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 2303 (0x8FF) smb_bcc=22 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 12 B5 69 8A B5 5D 6A F2 4C 00 41 00 42 00 2D 00 ..i..]j. L.A.B.-. [010] 52 00 52 00 00 00 R.R... 
[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,92) [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,92) wrote 92 [2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=124 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=16040 smb_uid=4096 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 124 (0x7C) smb_vwv[ 2]= 0 (0x0) smb_bcc=83 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R [050] 00 00 00 ... [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=124 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=16040 smb_uid=4096 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 124 (0x7C) smb_vwv[ 2]= 0 (0x0) smb_bcc=83 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R [050] 00 00 00 ... 
[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,82) [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,82) wrote 82 [2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 48 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 49 50 43 00 00 00 00 IPC.... [2006/11/08 12:11:56, 10] libsmb/clientgen.c:cli_init_creds(233) cli_init_creds: user domain [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,108) [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,108) wrote 108 [2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 264 (0x108) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) 
smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2040) Bind RPC Pipe[801]: \NETLOGON auth_type 0, auth_level 0 [2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... [2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00000000 [2006/11/08 12:11:56, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_contexts: 01 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c context_id : 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e num_transfer_syntaxes: 01 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 12345678 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1234 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : abcd [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : ef 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 01 23 45 67 cf fb [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000001 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 data : 8a885d04 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 data : 1ceb [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a data : 11c9 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003c data : 9f e8 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003e data : 08 00 2b 10 48 60 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 version: 00000002 [2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x801 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) 
smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 2049 (0x801) smb_bcc=87 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,158) [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,158) wrote 158 [2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... [010] 00 B8 10 B8 10 39 79 06 00 0C 00 5C 50 49 50 45 .....9y. ...\PIPE [020] 5C 6C 73 61 73 73 00 39 01 01 00 00 00 00 00 00 \lsass.9 ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... 
[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... [010] 00 B8 10 B8 10 39 79 06 00 0C 00 5C 50 49 50 45 .....9y. ...\PIPE [020] 5C 6C 73 61 73 73 00 39 01 01 00 00 00 00 00 00 \lsass.9 ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 68 at offset 0 [2006/11/08 12:11:56, 10] 
rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x801 returned 68 bytes. [2006/11/08 12:11:56, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2077) rpc_pipe_bind: Remote machine ESKUELL pipe \NETLOGON fnum 0x801 bind request returned ok. [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00067939 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 len: 000c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a str: \PIPE\lsass. 
[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0028 num_results: 01 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002c result : 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002e reason : 0000 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 data : 8a885d04 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0034 data : 1ceb [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0036 data : 11c9 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0038 data : 9f e8 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003a data : 08 00 2b 10 48 60 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 version: 00000002 [2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2270) cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine ESKUELL and bound anonymously. 
[2006/11/08 12:11:56, 4] passdb/secrets.c:secrets_fetch_trust_account_password(285) Using cleartext machine password [2006/11/08 12:11:56, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(45) cli_net_req_chal: LSA Request Challenge from WARTHOLE to \\ESKUELL [2006/11/08 12:11:56, 5] rpc_parse/parse_net.c:init_q_req_chal(679) init_q_req_chal: 679 [2006/11/08 12:11:56, 5] rpc_parse/parse_net.c:init_q_req_chal(688) init_q_req_chal: 688 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_req_chal [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer: 00000001 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 0000000a [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 0000000a [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.E.S.K.U.E.L.L... [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_max_len: 00000009 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 offset : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c uni_str_len: 00000009 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0030 buffer : W.A.R.T.H.O.L.E... 
[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000042 smb_io_chal [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0042 data: 64 50 7e 95 f9 1f b0 0b [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0062 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000004a [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0004 [2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x801 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 98 (0x62) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) 
smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 98 (0x62) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 2049 (0x801) smb_bcc=113 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 62 00 00 00 02 00 00 00 4A .......b .......J [020] 00 00 00 00 00 04 00 01 00 00 00 0A 00 00 00 00 ........ ........ [030] 00 00 00 0A 00 00 00 5C 00 5C 00 45 00 53 00 4B .......\ .\.E.S.K [040] 00 55 00 45 00 4C 00 4C 00 00 00 09 00 00 00 00 .U.E.L.L ........ [050] 00 00 00 09 00 00 00 57 00 41 00 52 00 54 00 48 .......W .A.R.T.H [060] 00 4F 00 4C 00 45 00 00 00 64 50 7E 95 F9 1F B0 .O.L.E.. .dP~.... [070] 0B . [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,184) [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,184) wrote 184 [2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 92 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 62 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 b....... .$...... [010] 00 0C 00 00 00 00 00 00 00 61 7D 05 14 90 01 00 ........ .a}..... [020] 00 00 00 00 00 ..... 
[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 62 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 b....... .$...... [010] 00 0C 00 00 00 00 00 00 00 61 7D 05 14 90 01 00 ........ .a}..... [020] 00 00 00 00 00 ..... [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0024 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000000c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:56, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 [2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 36 at offset 0 [2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x801 returned 24 bytes. [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_req_chal [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0000 data: 61 7d 05 14 90 01 00 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0008 status: NT_STATUS_OK [2006/11/08 12:11:56, 10] libsmb/credentials.c:creds_client_init(286) creds_client_init: neg_flags : 400701ff [2006/11/08 12:11:56, 10] libsmb/credentials.c:creds_client_init(287) creds_client_init: client chal : 64507E95F91FB00B [2006/11/08 12:11:56, 10] libsmb/credentials.c:creds_client_init(288) creds_client_init: server chal : 617D051490010000 [2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_init_64(117) creds_init_64 [2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_init_64(118) clnt_chal_in: 64507E95F91FB00B [2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_init_64(119) srv_chal_in : 617D051490010000 [2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_init_64(120) clnt+srv : C5CD83A98921B00B [2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_init_64(121) sess_key_out : 015C67118B1BCA66 [2006/11/08 12:11:56, 10] libsmb/credentials.c:creds_client_init(306) creds_client_init: clnt : 1222871E0A38783F [2006/11/08 12:11:56, 10] libsmb/credentials.c:creds_client_init(307) creds_client_init: server : FB8D45D1A330CAF6 [2006/11/08 12:11:56, 10] 
libsmb/credentials.c:creds_client_init(308) creds_client_init: seed : 1222871E0A38783F [2006/11/08 12:11:56, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(168) cli_net_auth2: srv:\\ESKUELL acct:WARTHOLE$ sc:2 mc: WARTHOLE neg: 400701ff [2006/11/08 12:11:56, 5] rpc_parse/parse_net.c:init_q_auth_2(800) init_q_auth_2: 800 [2006/11/08 12:11:56, 5] rpc_parse/parse_misc.c:init_log_info(1409) make_log_info 1409 [2006/11/08 12:11:56, 5] rpc_parse/parse_net.c:init_q_auth_2(806) init_q_auth_2: 806 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_auth_2 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_log_info [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer: 00000001 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 0000000a [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 0000000a [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.E.S.K.U.E.L.L... [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 unistr2 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_max_len: 0000000a [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 offset : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c uni_str_len: 0000000a [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0030 buffer : W.A.R.T.H.O.L.E.$... 
[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0044 sec_chan: 0002 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000046 smb_io_unistr2 unistr2 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 uni_max_len: 00000009 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c offset : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 uni_str_len: 00000009 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0054 buffer : W.A.R.T.H.O.L.E... [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000066 smb_io_chal [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0066 data: 12 22 87 1e 0a 38 78 3f [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 00006e net_io_neg_flags [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0070 neg_flags: 400701ff [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 008c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/11/08 12:11:56, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000074 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 000f [2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x801 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=222 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 140 (0x8C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 140 (0x8C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 2049 (0x801) smb_bcc=155 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 8C 00 00 00 03 00 00 00 74 ........ .......t [020] 00 00 00 00 00 0F 00 01 00 00 00 0A 00 00 00 00 ........ ........ [030] 00 00 00 0A 00 00 00 5C 00 5C 00 45 00 53 00 4B .......\ .\.E.S.K [040] 00 55 00 45 00 4C 00 4C 00 00 00 0A 00 00 00 00 .U.E.L.L ........ [050] 00 00 00 0A 00 00 00 57 00 41 00 52 00 54 00 48 .......W .A.R.T.H [060] 00 4F 00 4C 00 45 00 24 00 00 00 02 00 00 00 09 .O.L.E.$ ........ [070] 00 00 00 00 00 00 00 09 00 00 00 57 00 41 00 52 ........ ...W.A.R [080] 00 54 00 48 00 4F 00 4C 00 45 00 00 00 12 22 87 .T.H.O.L .E....". [090] 1E 0A 38 78 3F 00 00 FF 01 07 40 ..8x?... 
..@ [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,226) [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,226) wrote 226 [2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 96 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 8C 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 FB 8D 45 D1 A3 30 CA ........ ...E..0. [020] F6 FF 01 00 40 00 00 00 00 ....@... . [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 8C 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 FB 8D 45 D1 A3 30 CA ........ ...E..0. [020] F6 FF 01 00 40 00 00 00 00 ....@... . 
[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0028 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000010 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 [2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 40 at offset 0 [2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x801 returned 32 bytes. 
[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_auth_2 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0000 data: fb 8d 45 d1 a3 30 ca f6 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 net_io_neg_flags [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 neg_flags: 400001ff [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 000c status: NT_STATUS_OK [2006/11/08 12:11:56, 10] libsmb/credentials.c:creds_client_check(325) creds_client_check: credentials check OK. [2006/11/08 12:11:56, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(344) rpccli_netlogon_setup_creds: server ESKUELL credential chain established. [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,108) [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,108) wrote 108 [2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=9 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 512 (0x200) smb_vwv[ 3]= 264 (0x108) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) 
smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2040) Bind RPC Pipe[802]: \NETLOGON auth_type 2, auth_level 6 [2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... [2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_auth_schannel_neg schannel_neg [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 type1: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 type2: 00000003 [2006/11/08 12:11:56, 6] lib/util.c:dump_data(2215) [000] 4C 41 42 2D 52 52 LAB-RR [2006/11/08 12:11:56, 6] lib/util.c:dump_data(2215) [000] 57 41 52 54 48 4F 4C 45 WARTHOLE [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0068 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0018 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c 
call_id : 00000004 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_contexts: 01 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c context_id : 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e num_transfer_syntaxes: 01 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 12345678 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1234 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : abcd [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : ef 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 01 23 45 67 cf fb [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000001 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 data : 8a885d04 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 data : 1ceb [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a data : 11c9 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003c data : 9f e8 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003e data : 08 00 2b 10 48 60 [2006/11/08 12:11:56, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 0044 version: 00000002 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_rpc_hdr_auth hdr_auth [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0048 auth_type : 44 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0049 auth_level : 06 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004a auth_pad_len : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004b auth_reserved: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c auth_context_id: 00000001 [2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x802 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=186 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 104 (0x68) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 2050 (0x802) smb_bcc=119 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 68 00 18 00 04 00 00 00 B8 .......h ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 4C 41 42 2D 52 52 00 57 41 .......L AB-RR.WA [070] 52 54 48 4F 4C 45 00 RTHOLE. 
[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,190) [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,190) wrote 190 [2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 144 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 68 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 h....... .X...... [010] 00 B8 10 B8 10 3A 79 06 00 0C 00 5C 50 49 50 45 .....:y. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 2E 06 8F ........ . [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 68 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 h....... .X...... [010] 00 B8 10 B8 10 3A 79 06 00 0C 00 5C 50 49 50 45 .....:y. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ 
[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 2E 06 8F ........ . [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0058 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 000c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 88 at offset 0 [2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x802 returned 88 bytes. [2006/11/08 12:11:56, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2077) rpc_pipe_bind: Remote machine ESKUELL pipe \NETLOGON fnum 0x802 bind request returned ok. 
[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0058 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 000c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 0006793a [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 len: 000c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a str: \PIPE\lsass. 
[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0028 num_results: 01 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002c result : 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002e reason : 0000 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 data : 8a885d04 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0034 data : 1ceb [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0036 data : 11c9 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0038 data : 9f e8 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003a data : 08 00 2b 10 48 60 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 version: 00000002 [2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2534) cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine ESKUELL for domain LAB-RR and bound using schannel. 
[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,45) [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,45) wrote 45 [2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=11 smt_wct=0 smb_bcc=0 [2006/11/08 12:11:56, 10] libsmb/clientgen.c:cli_rpc_pipe_close(383) cli_rpc_pipe_close: closed pipe \NETLOGON to machine ESKUELL [2006/11/08 12:11:56, 10] libsmb/namequery.c:saf_store(70) saf_store: domain = [LAB-RR], server = [ESKUELL], expire = [1162985216] [2006/11/08 12:11:56, 10] lib/gencache.c:gencache_set(128) Adding cache entry with key = SAF/DOMAIN/LAB-RR; value = ESKUELL and timeout = Wed Nov 8 12:26:56 2006 (900 seconds ahead) [2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_step(148) sequence = 0x4551bb7e [2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_step(150) seed: 1222871E0A38783F [2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_step(155) seed+seq 90DDD8630A38783F [2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_step(159) CLIENT 286C81728F685919 [2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_step(164) seed+seq+1 91DDD8630A38783F [2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_step(168) SERVER DDEC1EC2D1E3E8EF [2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_reseed(238) cred_reseed: seed 91DDD8630A38783F [2006/11/08 12:11:56, 5] rpc_parse/parse_net.c:init_id_info2(1181) init_id_info2: 1181 [2006/11/08 12:11:56, 5] rpc_parse/parse_misc.c:init_logon_id(1588) make_logon_id: 1588 [2006/11/08 12:11:56, 5] rpc_parse/parse_net.c:init_sam_info(1275) init_sam_info: 1275 [2006/11/08 12:11:56, 5] rpc_parse/parse_misc.c:init_clnt_info2(1503) make_clnt_info: 1503 [2006/11/08 12:11:56, 5] 
rpc_parse/parse_misc.c:init_clnt_srv(1348) init_clnt_srv: 1348 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_sam_logon [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_sam_info [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_clnt_info2 [2006/11/08 12:11:56, 8] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_clnt_srv [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer : 00000001 [2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 0000000a [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 0000000a [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.E.S.K.U.E.L.L... [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 undoc_buffer2: 00000001 [2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_unistr2 unistr2 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 uni_max_len: 00000009 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c offset : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 uni_str_len: 00000009 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0034 buffer : W.A.R.T.H.O.L.E... 
[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 ptr_cred: 00000001 [2006/11/08 12:11:56, 8] rpc_parse/parse_prs.c:prs_debug(84) 00004c smb_io_cred [2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) 00004c smb_io_chal [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 004c data: 28 6c 81 72 8f 68 59 19 [2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) 000054 smb_io_utime [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 time: 4551bb7e [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 ptr_rtn_cred : 00000001 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 00005c smb_io_cred [2006/11/08 12:11:56, 8] rpc_parse/parse_prs.c:prs_debug(84) 00005c smb_io_chal [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 005c data: 00 00 00 00 00 00 00 00 [2006/11/08 12:11:56, 8] rpc_parse/parse_prs.c:prs_debug(84) 000064 smb_io_utime [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 time: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0068 logon_level : 0002 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 00006a smb_io_sam_info_ctr logon_info [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006a switch_value : 0002 [2006/11/08 12:11:56, 8] rpc_parse/parse_prs.c:prs_debug(84) 00006c net_io_id_info2 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c ptr_id_info2: 00000001 [2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) 000070 smb_io_unihdr unihdr [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0070 uni_str_len: 000c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0072 uni_max_len: 000c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 buffer : 00000001 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0078 param_ctrl: 00000820 [2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) 00007c smb_io_logon_id 
[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c low : 0000dead [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0080 high: 0000beef [2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) 000084 smb_io_unihdr unihdr [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0084 uni_str_len: 000c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0086 uni_max_len: 000c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0088 buffer : 00000001 [2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) 00008c smb_io_unihdr unihdr [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 008c uni_str_len: 000e [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 008e uni_max_len: 000e [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0090 buffer : 00000001 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0094 lm_chal: 24 52 ba 5c 68 14 1a ec [2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) 00009c smb_io_strhdr hdr_nt_chal_resp [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 009c str_str_len: 0018 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 009e str_max_len: 0018 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a0 buffer : 00000001 [2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000a4 smb_io_strhdr hdr_lm_chal_resp [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00a4 str_str_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00a6 str_max_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a8 buffer : 00000000 [2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000ac smb_io_unistr2 uni_domain_name [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ac uni_max_len: 00000006 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b0 offset : 00000000 [2006/11/08 12:11:56, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 00b4 uni_str_len: 00000006 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00b8 buffer : L.A.B.-.R.R. [2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000c4 smb_io_unistr2 uni_user_name [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c4 uni_max_len: 00000006 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c8 offset : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00cc uni_str_len: 00000006 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00d0 buffer : w.w.w.u.t.z. [2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000dc smb_io_unistr2 uni_wksta_name [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00dc uni_max_len: 00000007 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e0 offset : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e4 uni_str_len: 00000007 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00e8 buffer : \.\.W.A.L.D.I. 
[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) 0000f6 smb_io_string2 nt_chal_resp [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f8 str_max_len: 00000018 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00fc offset : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0100 str_str_len: 00000018 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_string2(1096) 0104 buffer : ^...?......?...M....t..r [2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) 00011c smb_io_string2 - NULL lm_chal_resp [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 011c validation_level: 0003 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0160 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0020 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000011e [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0002 
[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000138 smb_io_rpc_hdr_auth hdr_auth [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0138 auth_type : 44 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0139 auth_level : 06 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013a auth_pad_len : 02 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013b auth_reserved: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 013c auth_context_id: 00000001 [2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1356) add_schannel_auth_footer: SCHANNEL seq_num=0 [2006/11/08 12:11:56, 10] rpc_parse/parse_prs.c:schannel_encode(1633) SCHANNEL: schannel_encode seq_num=0 data_len=288 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000140 smb_io_rpc_auth_schannel_chk [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0140 sig : 77 00 7a 00 ff ff 00 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0148 seq_num: b2 54 40 7c 29 16 78 b9 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0150 packet_digest: 54 84 bb 77 0e 0b 4b 80 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0158 confounder: b8 80 2b 6d e9 36 ff 41 [2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x802 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=434 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 352 (0x160) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 352 (0x160) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 2050 
(0x802) smb_bcc=367 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215)
[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,438) [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,438) wrote 438 [2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 456 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=456 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 400 (0x190) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 400 (0x190) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=401 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215)
[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=456 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 400 (0x190) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 400 (0x190) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=401 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215)
[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0190 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0020 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000150 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000168 smb_io_rpc_hdr_auth hdr_auth [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0168 auth_type : 44 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0169 auth_level : 06 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 016a auth_pad_len : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 016b auth_reserved: 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 016c auth_context_id: 00000001 [2006/11/08 12:11:56, 5] 
rpc_parse/parse_prs.c:prs_debug(84) 000170 smb_io_rpc_auth_schannel_chk [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0170 sig : 77 00 7a 00 ff ff 00 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0178 seq_num: d1 12 c6 b6 22 2f fa 30 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0180 packet_digest: 03 4e 28 52 2f 65 b2 da [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0188 confounder: 5c 6b 37 85 4d 83 b4 a7 [2006/11/08 12:11:56, 10] rpc_parse/parse_prs.c:schannel_decode(1710) SCHANNEL: schannel_decode seq_num=1 data_len=336 [2006/11/08 12:11:56, 10] rpc_parse/parse_prs.c:schannel_decode(1730) SCHANNEL: schannel_decode seq_num=1 data_len=336 [2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) cli_pipe_validate_current_pdu: got pdu len 400, data_len 336, ss_len 0 [2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 400 at offset 0 [2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x802 returned 672 bytes. 
[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_sam_logon [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 buffer_creds: 0019306c [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_cred [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_chal [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0004 data: dd ec 1e c2 d1 e3 e8 ef [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 00000c smb_io_utime [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c time: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 switch_value: 0003 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 net_io_user_info3 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 ptr_user_info : 0015aed8 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_time logon time [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 low : 6dc42ed0 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c high: 01c70314 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_time logoff time [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 low : ffffffff [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 high: 7fffffff [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_time kickoff time [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 low : ffffffff [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c high: 7fffffff [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_time last set time [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 low : e66ea200 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 high: 01bb61e6 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_time can change time 
[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 low : e66ea200 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c high: 01bb61e6 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000040 smb_io_time must change time [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 low : ffffffff [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 high: 7fffffff [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_unihdr hdr_user_name [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0048 uni_str_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 004a uni_max_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c buffer : 00000000 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_unihdr hdr_full_name [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0050 uni_str_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0052 uni_max_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 buffer : 00000000 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000058 smb_io_unihdr hdr_logon_script [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0058 uni_str_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 005a uni_max_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c buffer : 00000000 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000060 smb_io_unihdr hdr_profile_path [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0060 uni_str_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0062 uni_max_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 buffer : 00000000 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000068 smb_io_unihdr hdr_home_dir [2006/11/08 12:11:56, 5] 
rpc_parse/parse_prs.c:prs_uint16(675) 0068 uni_str_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006a uni_max_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c buffer : 00000000 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000070 smb_io_unihdr hdr_dir_drive [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0070 uni_str_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0072 uni_max_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 buffer : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0078 logon_count : 0419 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 007a bad_pw_count : 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c user_rid : 0000040d [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0080 group_rid : 00000417 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0084 num_groups : 00000002 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0088 buffer_groups : 0015afa4 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 008c user_flgs : 00000120 [2006/11/08 12:11:56, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) dump_user_flgs account has LOGON_EXTRA_SIDS account has LOGON_NTLMV2_ENABLED [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0090 user_sess_key: 7a 88 fb b2 3d bd 68 bf d4 dd a7 e2 76 67 c0 c7 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000a0 smb_io_unihdr hdr_logon_srv [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00a0 uni_str_len: 000e [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00a2 uni_max_len: 0010 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a4 buffer : 0015afcc [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000a8 smb_io_unihdr hdr_logon_dom [2006/11/08 12:11:56, 5] 
rpc_parse/parse_prs.c:prs_uint16(675) 00a8 uni_str_len: 000c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 00aa uni_max_len: 000e [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ac buffer : 0015afdc [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b0 buffer_dom_id : 0015afb4 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 00b4 lm_sess_key: 18 f1 a8 2d c1 41 9b d1 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00bc acct_flags : 00000000 [2006/11/08 12:11:56, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) dump_acct_flags [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c0 unkown: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c4 unkown: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c8 unkown: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00cc unkown: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d0 unkown: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d4 unkown: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d8 unkown: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00dc num_other_sids: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e0 buffer_other_sids: 00000000 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 - NULL uni_user_name [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 - NULL uni_full_name [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 - NULL uni_logon_script [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 - NULL uni_profile_path [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 - NULL uni_home_dir [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e4 smb_io_unistr2 
- NULL uni_dir_drive [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e4 num_groups2 : 00000002 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000e8 smb_io_gid [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00e8 g_rid: 00000201 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ec attr : 00000007 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000f0 smb_io_gid [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f0 g_rid: 00000417 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f4 attr : 00000007 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 0000f8 smb_io_unistr2 uni_logon_srv [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f8 uni_max_len: 00000008 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00fc offset : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0100 uni_str_len: 00000007 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0104 buffer : E.S.K.U.E.L.L. [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 000112 smb_io_unistr2 uni_logon_dom [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0114 uni_max_len: 00000007 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0118 offset : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 011c uni_str_len: 00000006 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0120 buffer : L.A.B.-.R.R. 
[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 00012c smb_io_dom_sid2 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 012c num_auths: 00000004 [2006/11/08 12:11:56, 8] rpc_parse/parse_prs.c:prs_debug(84) 000130 smb_io_dom_sid sid [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0130 sid_rev_num: 01 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0131 num_auths : 04 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0132 id_auth[0] : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0133 id_auth[1] : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0134 id_auth[2] : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0135 id_auth[3] : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0136 id_auth[4] : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0137 id_auth[5] : 05 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0138 sub_auths : 00000015 7b7e4147 61020126 26126b85 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0148 auth_resp : 402dc801 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 014c status : NT_STATUS_OK [2006/11/08 12:11:56, 10] libsmb/credentials.c:creds_client_check(325) creds_client_check: credentials check OK. 
[2006/11/08 12:11:56, 10] passdb/secrets.c:secrets_named_mutex_release(791) secrets_named_mutex: released mutex for ESKUELL [2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user LAB-RR\wwwutz [2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is lab-rr\wwwutz [2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(82) Trying _Get_Pwnam(), username as given is LAB-RR\wwwutz [2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(92) Trying _Get_Pwnam(), username as uppercase is LAB-RR\WWWUTZ [2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(101) Checking combinations of 0 uppercase letters in lab-rr\wwwutz [2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(107) Get_Pwnam_internals didn't find user [LAB-RR\wwwutz]! [2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user wwwutz [2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is wwwutz [2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(107) Get_Pwnam_internals did find user [wwwutz]! 
[2006/11/08 12:11:56, 5] auth/auth_util.c:fill_sam_account(1532) fill_sam_account: located username was [wwwutz] [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_username(533) pdb_set_username: setting username wwwutz, was [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_fullname(602) pdb_set_full_name: setting full name Peter Marquardt,R031,1430,, was [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_domain(556) pdb_set_domain: setting domain WARTHOLE, was [2006/11/08 12:11:56, 4] lib/substitute.c:automount_server(407) Home server: warthole [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_profile_path(648) pdb_set_profile_path: setting profile path \\warthole\wwwutz\profile, was [2006/11/08 12:11:56, 4] lib/substitute.c:automount_server(407) Home server: warthole [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_homedir(695) pdb_set_homedir: setting home dir \\warthole\wwwutz, was [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(671) pdb_set_dir_drive: setting dir drive , was NULL [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_logon_script(625) pdb_set_logon_script: setting logon script , was [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_user_sid(462) pdb_set_user_sid: setting user sid S-1-5-21-3841262117-2652492237-290310771-1260 [2006/11/08 12:11:56, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3841262117-2652492237-290310771-1260 from rid 1260 [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_nt_username(579) pdb_set_nt_username: setting nt username wwwutz, was [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_username(533) pdb_set_username: setting username wwwutz, was wwwutz [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_domain(556) pdb_set_domain: setting domain LAB-RR, was WARTHOLE [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_user_sid(462) pdb_set_user_sid: setting user sid 
S-1-5-21-2071871815-1627521318-638741381-1037 [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_group_sid(520) pdb_set_group_sid: setting group sid S-1-5-21-3841262117-2652492237-290310771-513 [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_fullname(602) pdb_set_full_name: setting full name , was Peter Marquardt,R031,1430, [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_logon_script(625) pdb_set_logon_script: setting logon script , was [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_profile_path(648) pdb_set_profile_path: setting profile path , was \\warthole\wwwutz\profile [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_homedir(695) pdb_set_homedir: setting home dir , was \\warthole\wwwutz [2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(671) pdb_set_dir_drive: setting dir drive , was [2006/11/08 12:11:56, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(134) netsamlogon_cache_store: SID [S-1-5-21-2071871815-1627521318-638741381-1037] [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 timestamp: 4551bb7c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) 000004 net_io_user_info3 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 ptr_user_info : 0015aed8 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_time logon time [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 low : 6dc42ed0 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c high: 01c70314 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_time logoff time [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 low : ffffffff [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 high: 7fffffff [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_time kickoff time [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 low : ffffffff [2006/11/08 12:11:56, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 001c high: 7fffffff [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_time last set time [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 low : e66ea200 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 high: 01bb61e6 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_time can change time [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 low : e66ea200 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c high: 01bb61e6 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_time must change time [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 low : ffffffff [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 high: 7fffffff [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_unihdr hdr_user_name [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 uni_str_len: 000e [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a uni_max_len: 000e [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c buffer : 00000001 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000040 smb_io_unihdr hdr_full_name [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0040 uni_str_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0042 uni_max_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 buffer : 00000000 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_unihdr hdr_logon_script [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0048 uni_str_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 004a uni_max_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c buffer : 00000000 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_unihdr 
hdr_profile_path [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0050 uni_str_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0052 uni_max_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 buffer : 00000000 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000058 smb_io_unihdr hdr_home_dir [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0058 uni_str_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 005a uni_max_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c buffer : 00000000 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000060 smb_io_unihdr hdr_dir_drive [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0060 uni_str_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0062 uni_max_len: 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 buffer : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0068 logon_count : 0419 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006a bad_pw_count : 0000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c user_rid : 0000040d [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0070 group_rid : 00000417 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 num_groups : 00000002 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0078 buffer_groups : 0015afa4 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c user_flgs : 00000120 [2006/11/08 12:11:56, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) dump_user_flgs account has LOGON_EXTRA_SIDS account has LOGON_NTLMV2_ENABLED [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0080 user_sess_key: 09 94 83 62 f1 7d 25 a6 3b 56 b0 b6 7b 29 b5 d2 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000090 smb_io_unihdr hdr_logon_srv [2006/11/08 
12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0090 uni_str_len: 000e [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0092 uni_max_len: 0010 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0094 buffer : 0015afcc [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000098 smb_io_unihdr hdr_logon_dom [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0098 uni_str_len: 000c [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) 009a uni_max_len: 000e [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 009c buffer : 0015afdc [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00a0 buffer_dom_id : 0015afb4 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 00a4 lm_sess_key: 6b ed d0 fd 0d 81 d6 c8 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00ac acct_flags : 00000000 [2006/11/08 12:11:56, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) dump_acct_flags [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b0 unkown: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b4 unkown: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b8 unkown: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00bc unkown: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c0 unkown: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c4 unkown: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c8 unkown: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00cc num_other_sids: 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d0 buffer_other_sids: 00000000 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000d4 smb_io_unistr2 uni_user_name [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00d4 uni_max_len: 00000007 [2006/11/08 12:11:56, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 00d8 offset : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00dc uni_str_len: 00000007 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 00e0 buffer : w.w.w.u.t.z... [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000ee smb_io_unistr2 - NULL uni_full_name [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000ee smb_io_unistr2 - NULL uni_logon_script [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000ee smb_io_unistr2 - NULL uni_profile_path [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000ee smb_io_unistr2 - NULL uni_home_dir [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000ee smb_io_unistr2 - NULL uni_dir_drive [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f0 num_groups2 : 00000002 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000f4 smb_io_gid [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f4 g_rid: 00000201 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00f8 attr : 00000007 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 0000fc smb_io_gid [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00fc g_rid: 00000417 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0100 attr : 00000007 [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000104 smb_io_unistr2 uni_logon_srv [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0104 uni_max_len: 00000008 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0108 offset : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 010c uni_str_len: 00000007 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0110 buffer : E.S.K.U.E.L.L. 
[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 00011e smb_io_unistr2 uni_logon_dom [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0120 uni_max_len: 00000007 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0124 offset : 00000000 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0128 uni_str_len: 00000006 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 012c buffer : L.A.B.-.R.R. [2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) 000138 smb_io_dom_sid2 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0138 num_auths: 00000004 [2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) 00013c smb_io_dom_sid sid [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013c sid_rev_num: 01 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013d num_auths : 04 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013e id_auth[0] : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 013f id_auth[1] : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0140 id_auth[2] : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0141 id_auth[3] : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0142 id_auth[4] : 00 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0143 id_auth[5] : 05 [2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0144 sub_auths : 00000015 7b7e4147 61020126 26126b85 [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,45) [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,45) wrote 45 [2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=13 
smt_wct=0 smb_bcc=0 [2006/11/08 12:11:56, 10] libsmb/clientgen.c:cli_rpc_pipe_close(383) cli_rpc_pipe_close: closed pipe \NETLOGON to machine ESKUELL [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,39) [2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,39) wrote 39 [2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2052 smb_pid=16040 smb_uid=4096 smb_mid=14 smt_wct=0 smb_bcc=0 [2006/11/08 12:11:56, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: winbind authentication for user [wwwutz] succeeded [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 5] auth/auth.c:check_ntlm_password(295) check_ntlm_password: PAM Account for user [wwwutz] succeeded [2006/11/08 12:11:56, 2] auth/auth.c:check_ntlm_password(304) check_ntlm_password: authentication for user [wwwutz] -> [wwwutz] -> [wwwutz] succeeded [2006/11/08 12:11:56, 5] auth/auth_util.c:free_user_info(1866) attempting to free (and zero) a user_info structure [2006/11/08 12:11:56, 10] auth/auth_util.c:free_user_info(1869) structure was created for wwwutz [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) 
lookup_name: WARTHOLE\wwwutz => WARTHOLE (domain), wwwutz (name) [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:56, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) getsampwnam (smbpasswd): search by name: wwwutz [2006/11/08 12:11:56, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd [2006/11/08 12:11:56, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) getsmbfilepwent: end of file reached. [2006/11/08 12:11:56, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file. 
[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix User\wwwutz => Unix User (domain), wwwutz (name) [2006/11/08 12:11:56, 10] lib/util_pw.c:getpwnam_alloc(76) Got wwwutz from pwnam_cache [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_uid(1209) sid_to_uid: S-1-22-1-130 -> 130 [2006/11/08 12:11:56, 10] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [wwwutz] [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 15 -> S-1-22-2-15 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 12003 -> S-1-22-2-12003 [2006/11/08 
12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 121 -> S-1-22-2-121 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 20 -> S-1-22-2-20 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 209 -> S-1-22-2-209 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 263 -> S-1-22-2-263 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 219 -> S-1-22-2-219 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 352 -> S-1-22-2-352 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 0 -> S-1-22-2-0 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 257 -> S-1-22-2-257 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 1000 -> S-1-22-2-1000 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 369 -> S-1-22-2-369 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 154 -> S-1-22-2-154 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 400 -> S-1-22-2-400 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 5000 -> S-1-22-2-5000 [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-1-130] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-15] [2006/11/08 12:11:56, 5] lib/privileges.c:get_privileges_for_sids(458) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-2] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-11] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) 
get_privileges: No privileges assigned to SID [S-1-22-2-12003] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-121] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-20] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-209] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-263] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-219] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-352] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-0] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-257] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-1000] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-369] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-154] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-400] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-5000] [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-15 -> 15 [2006/11/08 12:11:56, 10] auth/auth_util.c:create_local_token(1022) Could not convert SID S-1-1-0 to gid, ignoring it [2006/11/08 12:11:56, 10] auth/auth_util.c:create_local_token(1022) Could not convert SID S-1-5-2 to gid, ignoring it 
[2006/11/08 12:11:56, 10] auth/auth_util.c:create_local_token(1022) Could not convert SID S-1-5-11 to gid, ignoring it [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-12003 -> 12003 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-121 -> 121 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-20 -> 20 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-209 -> 209 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-263 -> 263 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-219 -> 219 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-352 -> 352 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-0 -> 0 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-257 -> 257 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-1000 -> 1000 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-369 -> 369 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-154 -> 154 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-400 -> 400 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-5000 -> 5000 [2006/11/08 12:11:56, 10] auth/auth_util.c:debug_nt_user_token(452) NT user token of user S-1-22-1-130 contains 19 SIDs SID[ 0]: S-1-22-1-130 SID[ 1]: S-1-22-2-15 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-12003 SID[ 6]: S-1-22-2-121 SID[ 7]: S-1-22-2-20 SID[ 8]: S-1-22-2-209 SID[ 9]: S-1-22-2-263 SID[ 10]: S-1-22-2-219 SID[ 11]: S-1-22-2-352 SID[ 12]: S-1-22-2-0 SID[ 13]: S-1-22-2-257 SID[ 14]: S-1-22-2-1000 SID[ 15]: S-1-22-2-369 SID[ 16]: S-1-22-2-154 SID[ 17]: S-1-22-2-400 SID[ 18]: S-1-22-2-5000 SE_PRIV 0x0 0x0 
0x0 0x0 [2006/11/08 12:11:56, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(132) Got NT session key of length 16 [2006/11/08 12:11:56, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(139) Got LM session key of length 8 [2006/11/08 12:11:56, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(738) ntlmssp_server_auth: Created NTLM2 session key. [2006/11/08 12:11:56, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2006/11/08 12:11:56, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe0088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2006/11/08 12:11:56, 10] smbd/password.c:register_vuid(185) register_vuid: allocated vuid = 101 [2006/11/08 12:11:56, 10] lib/util_pw.c:getpwnam_alloc(76) Got wwwutz from pwnam_cache [2006/11/08 12:11:56, 10] smbd/password.c:register_vuid(273) register_vuid: (130,15) wwwutz wwwutz LAB-RR guest=0 [2006/11/08 12:11:56, 3] smbd/password.c:register_vuid(279) User name: wwwutz Real name: [2006/11/08 12:11:56, 3] smbd/password.c:register_vuid(300) UNIX uid 130 is UNIX user wwwutz, and will be vuid 101 [2006/11/08 12:11:56, 7] param/loadparm.c:lp_servicenumber(5112) lp_servicenumber: couldn't find wwwutz [2006/11/08 12:11:56, 3] smbd/password.c:register_vuid(330) Adding homes service for user 'wwwutz' using home directory: '/home/wwwutz' [2006/11/08 12:11:56, 8] param/loadparm.c:add_a_service(2494) add_a_service: Creating snum = 346 for wwwutz [2006/11/08 12:11:56, 10] param/loadparm.c:hash_a_service(2541) hash_a_service: hashing index 346 for service name wwwutz [2006/11/08 12:11:56, 3] param/loadparm.c:lp_add_home(2587) adding home's share [wwwutz] for user 'wwwutz' at '/home/wwwutz' [2006/11/08 12:11:56, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file 
/usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=104 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=20480 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=61 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 33 00 63 00 00 00 4C ...0...2 .3.c...L [030] 00 41 00 42 00 2D 00 52 00 52 00 00 00 .A.B.-.R .R... 
[2006/11/08 12:11:56, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: 60 [2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 96 [2006/11/08 12:11:56, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x60 [2006/11/08 12:11:56, 3] smbd/process.c:process_smb(1110) Transaction 3 of length 100 [2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) size=96 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=20544 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=53 [2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 5C 00 57 00 41 00 52 00 54 00 48 00 4F .\.\.W.A .R.T.H.O [010] 00 4C 00 45 00 5C 00 4D 00 41 00 4D 00 45 00 50 .L.E.\.M .A.M.E.P [020] 00 49 00 4D 00 41 00 47 00 45 00 53 00 00 00 3F .I.M.A.G .E.S...? [030] 3F 3F 3F 3F 00 ????. [2006/11/08 12:11:56, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 16040) conn 0x0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:56, 5] smbd/uid.c:change_to_root_user(274) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/11/08 12:11:56, 4] smbd/reply.c:reply_tcon_and_X(668) Client requested device type [?????] 
for share [MAMEPIMAGES] [2006/11/08 12:11:56, 5] smbd/service.c:make_connection(1116) making a connection to 'normal' service mamepimages [2006/11/08 12:11:56, 10] smbd/share_access.c:user_ok_token(224) user_ok_token: share mamepimages is ok for unix user wwwutz [2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user wwwutz [2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is wwwutz [2006/11/08 12:11:56, 10] lib/util_pw.c:getpwnam_alloc(76) Got wwwutz from pwnam_cache [2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(107) Get_Pwnam_internals did find user [wwwutz]! [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name) [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:56, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) getsampwnam (smbpasswd): search by name: imgdata [2006/11/08 12:11:56, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd [2006/11/08 12:11:56, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) getsmbfilepwent: end of file reached. [2006/11/08 12:11:56, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file. 
[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name) [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_uid(1209) sid_to_uid: S-1-22-1-1087 -> 1087 [2006/11/08 12:11:56, 10] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [imgdata] [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 372 -> S-1-22-2-372 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 392 -> S-1-22-2-392 [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges 
assigned to SID [S-1-22-1-1087] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-372] [2006/11/08 12:11:56, 5] lib/privileges.c:get_privileges_for_sids(458) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-2] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-11] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-392] [2006/11/08 12:11:56, 3] smbd/service.c:make_connection_snum(672) Forced user imgdata [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: WARTHOLE\abt_her => WARTHOLE (domain), abt_her (name) [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix Group\abt_her => Unix Group (domain), abt_her (name) [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-9000 -> 9000 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name) [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 3] 
smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:56, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) getsampwnam (smbpasswd): search by name: imgdata [2006/11/08 12:11:56, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd [2006/11/08 12:11:56, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) getsmbfilepwent: end of file reached. [2006/11/08 12:11:56, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file. [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name) [2006/11/08 12:11:56, 10] lib/util_pw.c:getpwnam_alloc(76) Got imgdata from pwnam_cache [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_uid(1209) sid_to_uid: S-1-22-1-1087 -> 1087 [2006/11/08 12:11:56, 10] 
lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [imgdata] [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 372 -> S-1-22-2-372 [2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 392 -> S-1-22-2-392 [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-1-1087] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-372] [2006/11/08 12:11:56, 5] lib/privileges.c:get_privileges_for_sids(458) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-2] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-11] [2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-392] [2006/11/08 12:11:56, 10] smbd/service.c:make_connection_snum(736) Could not convert SID S-1-22-1-1087 to gid, ignoring it [2006/11/08 12:11:56, 0] lib/util_str.c:safe_strcat_fn(636) ERROR: string overflow by 7 in safe_strcat [-1802264934] [2006/11/08 12:11:56, 0] lib/util_str.c:safe_strcat_fn(636) ERROR: string overflow by 11 in 
safe_strcat [-1651269932] [2006/11/08 12:11:56, 0] lib/util_str.c:safe_strcat_fn(636) ERROR: string overflow by 10 in safe_strcat [-745763429] [2006/11/08 12:11:56, 0] lib/util_str.c:safe_strcat_fn(636) ERROR: string overflow by 11 in safe_strcat [-1851880033] [2006/11/08 12:11:56, 0] lib/util_str.c:safe_strcat_fn(636) ERROR: string overflow by 11 in safe_strcat [-1680630116] [2006/11/08 12:11:56, 0] lib/util_str.c:safe_strcat_fn(636) ERROR: string overflow by 11 in safe_strcat [-1702061423] [2006/11/08 12:11:56, 0] lib/util_str.c:safe_strcat_fn(636) ERROR: string overflow by 11 in safe_strcat [-2003053682] [2006/11/08 12:11:57, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006 [2006/11/08 12:11:57, 5] auth/auth_util.c:make_user_info_map(160) make_user_info_map: Mapping user [lab-rr]\[wwwutz] from workstation [WALDI] [2006/11/08 12:11:57, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = TDOMCACHE/TIMESTAMP, value = 1162983779, timeout = Wed Nov 8 12:12:59 2006 [2006/11/08 12:11:57, 10] libsmb/trustdom_cache.c:update_trustdom_cache(326) update_trustdom_cache: not time to update trustdom_cache yet [2006/11/08 12:11:57, 10] lib/gencache.c:gencache_get(312) Cache entry with key = TDOM/LAB-RR couldn't be found [2006/11/08 12:11:57, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain lab-rr found. 
[2006/11/08 12:11:57, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for wwwutz (wwwutz) [2006/11/08 12:11:57, 5] auth/auth_util.c:make_user_info(85) making strings for wwwutz's user_info struct [2006/11/08 12:11:57, 5] auth/auth_util.c:make_user_info(117) making blobs for wwwutz's user_info struct [2006/11/08 12:11:57, 10] auth/auth_util.c:make_user_info(135) made an encrypted user_info for wwwutz (wwwutz) [2006/11/08 12:11:57, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [lab-rr]\[wwwutz]@[WALDI] with the new password interface [2006/11/08 12:11:57, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [LAB-RR]\[wwwutz]@[WALDI] [2006/11/08 12:11:57, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2006/11/08 12:11:57, 10] auth/auth.c:check_ntlm_password(235) challenge is: [2006/11/08 12:11:57, 5] lib/util.c:dump_data(2215) [000] 33 43 A6 A4 83 99 C3 27 3C.....' 
[2006/11/08 12:11:57, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: guest had nothing to say [2006/11/08 12:11:57, 8] lib/util.c:is_myname(2036) is_myname("LAB-RR") returns 0 [2006/11/08 12:11:57, 6] auth/auth_sam.c:check_samstrict_security(412) check_samstrict_security: LAB-RR is not one of my local names (ROLE_DOMAIN_MEMBER) [2006/11/08 12:11:57, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: sam had nothing to say [2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/11/08 12:11:57, 8] libsmb/namequery.c:get_sorted_dc_list(1550) get_sorted_dc_list: attempting lookup using [lmhosts wins host bcast] [2006/11/08 12:11:57, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = SAF/DOMAIN/LAB-RR, value = ESKUELL, timeout = Wed Nov 8 12:26:56 2006 [2006/11/08 12:11:57, 5] libsmb/namequery.c:saf_fetch(107) saf_fetch: Returning "ESKUELL" for "LAB-RR" domain [2006/11/08 12:11:57, 3] libsmb/namequery.c:get_dc_list(1426) get_dc_list: preferred server list: "ESKUELL, *" [2006/11/08 12:11:57, 10] libsmb/namequery.c:internal_resolve_name(1132) internal_resolve_name: looking up LAB-RR#1c [2006/11/08 12:11:57, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = NBT/LAB-RR#1C, value = 141.14.16.97:0,141.14.17.120:0,141.14.17.130:0,141.14.19.244:0, timeout = Wed Nov 8 12:13:59 2006 [2006/11/08 12:11:57, 5] 
libsmb/namecache.c:namecache_fetch(201) name LAB-RR#1C found. [2006/11/08 12:11:57, 8] libsmb/namequery.c:get_dc_list(1441) Adding 4 DC's from auto lookup [2006/11/08 12:11:57, 10] libsmb/namequery.c:internal_resolve_name(1132) internal_resolve_name: looking up ESKUELL#20 [2006/11/08 12:11:57, 10] lib/gencache.c:gencache_get(285) Returning valid cache entry: key = NBT/ESKUELL#20, value = 141.14.16.97:0, timeout = Wed Nov 8 12:13:59 2006 [2006/11/08 12:11:57, 5] libsmb/namecache.c:namecache_fetch(201) name ESKUELL#20 found. [2006/11/08 12:11:57, 10] libsmb/namequery.c:remove_duplicate_addrs2(408) remove_duplicate_addrs2: looking for duplicate address/port pairs [2006/11/08 12:11:57, 4] libsmb/namequery.c:get_dc_list(1528) get_dc_list: returning 4 ip addresses in an ordered list [2006/11/08 12:11:57, 4] libsmb/namequery.c:get_dc_list(1530) get_dc_list: 141.14.16.97:0 141.14.17.120:0 141.14.17.130:0 141.14.19.244:0 [2006/11/08 12:11:57, 10] libsmb/namequery.c:name_status_find(275) name_status_find: looking up LAB-RR#1c at 141.14.16.97 [2006/11/08 12:11:57, 10] lib/gencache.c:gencache_get(312) Cache entry with key = NBT/LAB-RR#1C.20.141.14.16.97 couldn't be found [2006/11/08 12:11:57, 5] libsmb/namecache.c:namecache_status_fetch(308) namecache_status_fetch: no entry for NBT/LAB-RR#1C.20.141.14.16.97 found. 
[2006/11/08 12:11:57, 10] lib/gencache.c:gencache_del(218) Deleting cache entry (key = NBT/LAB-RR#1C.20.141.14.16.97) [2006/11/08 12:11:57, 10] lib/util_sock.c:open_socket_in(839) bind succeeded on port 0 [2006/11/08 12:11:57, 5] libsmb/nmblib.c:send_udp(776) Sending a packet of len 50 to (141.14.16.97) on port 137 [2006/11/08 12:11:57, 10] lib/util_sock.c:read_udp_socket(293) read_udp_socket: lastip 141.14.16.97 lastport 137 read: 301 [2006/11/08 12:11:57, 10] libsmb/nmblib.c:parse_nmb(506) parse_nmb: packet id = 1426 [2006/11/08 12:11:57, 5] libsmb/nmblib.c:read_packet(754) Received a packet of len 301 from (141.14.16.97) port 137 [2006/11/08 12:11:57, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from 141.14.16.97(137) header: id=1426 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=LAB-RR<1c> rr_type=33 rr_class=1 ttl=0 answers 0 char .ESKUELL hex 0A45534B55454C4C2020202020202020 answers 10 char .D.LAB-RR hex 0044004C41422D525220202020202020 answers 20 char ...LAB-RR hex 202000C4004C41422D52522020202020 answers 30 char ...ESKUELL hex 202020201CC40045534B55454C4C2020 answers 40 char D.LAB-RR hex 2020202020202044004C41422D525220 answers 50 char .D.ESKUE hex 20202020202020201B440045534B5545 answers 60 char LL .D.ADM hex 4C4C202020202020202003440041444D answers 70 char INISTRATOR .D.L hex 494E4953545241544F5220200344004C answers 80 char AB-RR .. hex 41422D52522020202020202020201EC4 answers 90 char .LAB-RR hex 004C41422D5252202020202020202020 answers a0 char .D...__MSBROWSE_ hex 1D440001025F5F4D5342524F5753455F answers b0 char _........]...... hex 5F0201C4000000F8025D840000000000 answers c0 char ................ hex 00000000000000000000000000000000 answers d0 char ................ hex 00000000000000000000000000000000 answers e0 char ... 
hex 000000 [2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) ESKUELL#00: flags = 0x44 [2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#00: flags = 0xc4 [2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1c: flags = 0xc4 [2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) ESKUELL#20: flags = 0x44 [2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1b: flags = 0x44 [2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) ESKUELL#03: flags = 0x44 [2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) ADMINISTRATOR#03: flags = 0x44 [2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1e: flags = 0xc4 [2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) LAB-RR#1d: flags = 0x44 [2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) __MSBROWSE__#01: flags = 0xc4 [2006/11/08 12:11:57, 10] libsmb/namequery.c:name_status_find(315) name_status_find: name found, name ESKUELL ip address is 141.14.16.97 [2006/11/08 12:11:57, 3] libsmb/namequery_dc.c:rpc_dc_name(116) rpc_dc_name: Returning DC ESKUELL (141.14.16.97) for domain LAB-RR [2006/11/08 12:11:57, 10] passdb/secrets.c:secrets_named_mutex(779) secrets_named_mutex: got mutex for ESKUELL [2006/11/08 12:11:57, 3] libsmb/cliconnect.c:cli_start_connection(1417) Connecting to host=ESKUELL [2006/11/08 12:11:57, 3] lib/util_sock.c:open_socket_out(874) Connecting to 141.14.16.97 at port 445 [2006/11/08 12:11:57, 2] lib/util_sock.c:open_socket_out(910) error connecting to 141.14.16.97:445 (Connection refused) [2006/11/08 12:11:57, 3] lib/util_sock.c:open_socket_out(874) Connecting to 141.14.16.97 at port 139 [2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 0 [2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 0 [2006/11/08 12:11:57, 5] 
lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 4 [2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 8 [2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEPORT = 0 [2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 33580 [2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 33580 [2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1460 [2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,72) [2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,72) wrote 72 [2006/11/08 12:11:57, 5] libsmb/cliconnect.c:cli_session_request(1262) Sent session request [2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 0 [2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=0 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=0 smb_pid=0 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=0 [2006/11/08 12:11:57, 6] 
libsmb/clientgen.c:write_socket(132) write_socket(17,183) [2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,183) wrote 183 [2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 91 [2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=91 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=2695 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=65283 (0xFF03) smb_vwv[ 2]= 257 (0x101) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 17 (0x11) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 67 (0x43) smb_vwv[11]=36864 (0x9000) smb_vwv[12]=32442 (0x7EBA) smb_vwv[13]= 9950 (0x26DE) smb_vwv[14]=50947 (0xC703) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 2303 (0x8FF) smb_bcc=22 [2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) [000] 8A AD 22 1A 51 E8 30 4E 4C 00 41 00 42 00 2D 00 ..".Q.0N L.A.B.-. [010] 52 00 52 00 00 00 R.R... [2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=91 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=2695 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=65283 (0xFF03) smb_vwv[ 2]= 257 (0x101) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 17 (0x11) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 67 (0x43) smb_vwv[11]=36864 (0x9000) smb_vwv[12]=32442 (0x7EBA) smb_vwv[13]= 9950 (0x26DE) smb_vwv[14]=50947 (0xC703) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 2303 (0x8FF) smb_bcc=22 [2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) [000] 8A AD 22 1A 51 E8 30 4E 4C 00 41 00 42 00 2D 00 ..".Q.0N L.A.B.-. [010] 52 00 52 00 00 00 R.R... 
[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,92) [2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,92) wrote 92 [2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=124 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=2695 smb_uid=22528 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 124 (0x7C) smb_vwv[ 2]= 0 (0x0) smb_bcc=83 [2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R [050] 00 00 00 ... [2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=124 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=2695 smb_uid=22528 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 124 (0x7C) smb_vwv[ 2]= 0 (0x0) smb_bcc=83 [2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R [050] 00 00 00 ... 
[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,82) [2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,82) wrote 82 [2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 48 [2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=12288 smb_pid=2695 smb_uid=22528 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) [000] 49 50 43 00 00 00 00 IPC.... [2006/11/08 12:11:57, 10] libsmb/clientgen.c:cli_init_creds(233) cli_init_creds: user domain [2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,108) [2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,108) wrote 108 [2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 103 [2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=12288 smb_pid=2695 smb_uid=22528 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1024 (0x400) smb_vwv[ 3]= 288 (0x120) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) 
smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2040) Bind RPC Pipe[2004]: \NETLOGON auth_type 0, auth_level 0 [2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... [2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_rb [2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 00000000 [2006/11/08 12:11:57, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_contexts: 01 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c context_id : 0000 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e num_transfer_syntaxes: 01 [2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001f smb_io_rpc_iface [2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 12345678 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1234 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : abcd [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : ef 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 01 23 45 67 cf fb [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000001 [2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_rpc_iface [2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_uuid uuid [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 data : 8a885d04 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0038 data : 1ceb [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003a data : 11c9 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003c data : 9f e8 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003e data : 08 00 2b 10 48 60 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 version: 00000002 [2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x2004 [2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=12288 smb_pid=2695 smb_uid=22528 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) 
smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8196 (0x2004) smb_bcc=87 [2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,158) [2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,158) wrote 158 [2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 124 [2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=12288 smb_pid=2695 smb_uid=22528 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... [010] 00 B8 10 B8 10 3B 79 06 00 0C 00 5C 50 49 50 45 .....;y. ...\PIPE [020] 5C 6C 73 61 73 73 00 82 64 01 00 00 00 00 00 00 \lsass.. d....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... 
[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=12288 smb_pid=2695 smb_uid=22528 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... [010] 00 B8 10 B8 10 3B 79 06 00 0C 00 5C 50 49 50 45 .....;y. ...\PIPE [020] 5C 6C 73 61 73 73 00 82 64 01 00 00 00 00 00 00 \lsass.. d....... [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) rpc_api_pipe: got PDU len of 68 at offset 0 [2006/11/08 12:11:57, 10] 
rpc_client/cli_pipe.c:rpc_api_pipe(890) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x2004 returned 68 bytes. [2006/11/08 12:11:57, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2077) rpc_pipe_bind: Remote machine ESKUELL pipe \NETLOGON fnum 0x2004 bind request returned ok. [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_ba [2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_bba [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0010 max_tsize: 10b8 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0012 max_rsize: 10b8 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 assoc_gid: 0006793b [2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_addr_str [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 len: 000c [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a str: \PIPE\lsass. 
[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000026 smb_io_rpc_results [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0028 num_results: 01 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002c result : 0000 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002e reason : 0000 [2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_rpc_iface [2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_uuid uuid [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 data : 8a885d04 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0034 data : 1ceb [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0036 data : 11c9 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0038 data : 9f e8 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003a data : 08 00 2b 10 48 60 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 version: 00000002 [2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:check_bind_response(1701) check_bind_response: accepted! [2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2270) cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine ESKUELL and bound anonymously. 
[2006/11/08 12:11:57, 4] passdb/secrets.c:secrets_fetch_trust_account_password(285) Using cleartext machine password [2006/11/08 12:11:57, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(45) cli_net_req_chal: LSA Request Challenge from WARTHOLE to \\ESKUELL [2006/11/08 12:11:57, 5] rpc_parse/parse_net.c:init_q_req_chal(679) init_q_req_chal: 679 [2006/11/08 12:11:57, 5] rpc_parse/parse_net.c:init_q_req_chal(688) init_q_req_chal: 688 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_req_chal [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer: 00000001 [2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 0000000a [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 0000000a [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.E.S.K.U.E.L.L... [2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_max_len: 00000009 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 offset : 00000000 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c uni_str_len: 00000009 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0030 buffer : W.A.R.T.H.O.L.E... 
[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000042 smb_io_chal [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0042 data: c5 7c 72 c1 dc 3c 44 33 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0062 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000004a [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 opnum : 0004 [2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x2004 [2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=12288 smb_pid=2695 smb_uid=22528 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 98 (0x62) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) 
smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 98 (0x62) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8196 (0x2004) smb_bcc=113 [2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215)
[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,438) [2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,438) wrote 438 [2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 456 [2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) [2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=456 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=12288 smb_pid=2695 smb_uid=22528 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 400 (0x190) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 400 (0x190) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=401 [2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215)
[150] B3 54 45 29 3C 48 87 C9 39 6F AB 0F 0A C9 58 A8 .TE) [wwwutz] -> [wwwutz] succeeded [2006/11/08 12:11:57, 5] auth/auth_util.c:free_user_info(1866) attempting to free (and zero) a user_info structure [2006/11/08 12:11:57, 10] auth/auth_util.c:free_user_info(1869) structure was created for wwwutz [2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: WARTHOLE\wwwutz => WARTHOLE (domain), wwwutz (name) [2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/11/08 12:11:57, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) getsampwnam (smbpasswd): search by name: wwwutz [2006/11/08 12:11:57, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd [2006/11/08 12:11:57, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) getsmbfilepwent: end of file reached. [2006/11/08 12:11:57, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file. 
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix User\wwwutz => Unix User (domain), wwwutz (name)
[2006/11/08 12:11:57, 10] lib/util_pw.c:getpwnam_alloc(76) Got wwwutz from pwnam_cache
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_uid(1209) sid_to_uid: S-1-22-1-130 -> 130
[2006/11/08 12:11:57, 10] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [wwwutz]
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 15 -> S-1-22-2-15
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 12003 -> S-1-22-2-12003
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 121 -> S-1-22-2-121
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 20 -> S-1-22-2-20
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 209 -> S-1-22-2-209
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 263 -> S-1-22-2-263
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 219 -> S-1-22-2-219
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 352 -> S-1-22-2-352
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 0 -> S-1-22-2-0
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 257 -> S-1-22-2-257
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 1000 -> S-1-22-2-1000
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 369 -> S-1-22-2-369
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 154 -> S-1-22-2-154
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 400 -> S-1-22-2-400
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 5000 -> S-1-22-2-5000
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-1-130]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-15]
[2006/11/08 12:11:57, 5] lib/privileges.c:get_privileges_for_sids(458) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-2]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-11]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-12003]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-121]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-20]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-209]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-263]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-219]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-352]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-0]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-257]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-1000]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-369]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-154]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-400]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-5000]
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-15 -> 15
[2006/11/08 12:11:57, 10] auth/auth_util.c:create_local_token(1022) Could not convert SID S-1-1-0 to gid, ignoring it
[2006/11/08 12:11:57, 10] auth/auth_util.c:create_local_token(1022) Could not convert SID S-1-5-2 to gid, ignoring it
[2006/11/08 12:11:57, 10] auth/auth_util.c:create_local_token(1022) Could not convert SID S-1-5-11 to gid, ignoring it
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-12003 -> 12003
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-121 -> 121
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-20 -> 20
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-209 -> 209
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-263 -> 263
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-219 -> 219
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-352 -> 352
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-0 -> 0
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-257 -> 257
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-1000 -> 1000
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-369 -> 369
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-154 -> 154
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-400 -> 400
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-5000 -> 5000
[2006/11/08 12:11:57, 10] auth/auth_util.c:debug_nt_user_token(452) NT user token of user S-1-22-1-130 contains 19 SIDs SID[ 0]: S-1-22-1-130 SID[ 1]: S-1-22-2-15 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-12003 SID[ 6]: S-1-22-2-121 SID[ 7]: S-1-22-2-20 SID[ 8]: S-1-22-2-209 SID[ 9]: S-1-22-2-263 SID[ 10]: S-1-22-2-219 SID[ 11]: S-1-22-2-352 SID[ 12]: S-1-22-2-0 SID[ 13]: S-1-22-2-257 SID[ 14]: S-1-22-2-1000 SID[ 15]: S-1-22-2-369 SID[ 16]: S-1-22-2-154 SID[ 17]: S-1-22-2-400 SID[ 18]: S-1-22-2-5000 SE_PRIV 0x0 0x0 0x0 0x0
[2006/11/08 12:11:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(132) Got NT session key of length 16
[2006/11/08 12:11:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(139) Got LM session key of length 8
[2006/11/08 12:11:57, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(738) ntlmssp_server_auth: Created NTLM2 session key.
[2006/11/08 12:11:57, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags:
[2006/11/08 12:11:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe0088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56
[2006/11/08 12:11:57, 10] smbd/password.c:register_vuid(185) register_vuid: allocated vuid = 101
[2006/11/08 12:11:57, 10] lib/util_pw.c:getpwnam_alloc(76) Got wwwutz from pwnam_cache
[2006/11/08 12:11:57, 10] smbd/password.c:register_vuid(273) register_vuid: (130,15) wwwutz wwwutz LAB-RR guest=0
[2006/11/08 12:11:57, 3] smbd/password.c:register_vuid(279) User name: wwwutz Real name:
[2006/11/08 12:11:57, 3] smbd/password.c:register_vuid(300) UNIX uid 130 is UNIX user wwwutz, and will be vuid 101
[2006/11/08 12:11:57, 7] param/loadparm.c:lp_servicenumber(5112) lp_servicenumber: couldn't find wwwutz
[2006/11/08 12:11:57, 3] smbd/password.c:register_vuid(330) Adding homes service for user 'wwwutz' using home directory: '/home/wwwutz'
[2006/11/08 12:11:57, 8] param/loadparm.c:add_a_service(2494) add_a_service: Creating snum = 346 for wwwutz
[2006/11/08 12:11:57, 10] param/loadparm.c:hash_a_service(2541) hash_a_service: hashing index 346 for service name wwwutz
[2006/11/08 12:11:57, 3] param/loadparm.c:lp_add_home(2587) adding home's share [wwwutz] for user 'wwwutz' at '/home/wwwutz'
[2006/11/08 12:11:57, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006
[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478)
[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=104 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=20672 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=61
[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215)
[000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x
[010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3
[020] 00 2E 00 30 00 2E 00 32 00 33 00 63 00 00 00 4C ...0...2 .3.c...L
[030] 00 41 00 42 00 2D 00 52 00 52 00 00 00 .A.B.-.R .R...
[2006/11/08 12:11:57, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: 60
[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 82
[2006/11/08 12:11:57, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x52
[2006/11/08 12:11:57, 3] smbd/process.c:process_smb(1110) Transaction 3 of length 86
[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478)
[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=82 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=20736 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 82 (0x52) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=39
[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215)
[000] 00 5C 00 5C 00 57 00 41 00 52 00 54 00 48 00 4F .\.\.W.A .R.T.H.O
[010] 00 4C 00 45 00 5C 00 49 00 50 00 43 00 24 00 00 .L.E.\.I .P.C.$..
[020] 00 3F 3F 3F 3F 3F 00 .?????.
[2006/11/08 12:11:57, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 2695) conn 0x0
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2006/11/08 12:11:57, 5] smbd/uid.c:change_to_root_user(274) change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/11/08 12:11:57, 4] smbd/reply.c:reply_tcon_and_X(668) Client requested device type [?????] for share [IPC$]
[2006/11/08 12:11:57, 5] smbd/service.c:make_connection(1116) making a connection to 'normal' service ipc$
[2006/11/08 12:11:57, 10] smbd/share_access.c:user_ok_token(224) user_ok_token: share IPC$ is ok for unix user wwwutz
[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user wwwutz
[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is wwwutz
[2006/11/08 12:11:57, 10] lib/util_pw.c:getpwnam_alloc(76) Got wwwutz from pwnam_cache
[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_internals(107) Get_Pwnam_internals did find user [wwwutz]!
[2006/11/08 12:11:57, 10] smbd/service.c:set_conn_connectpath(121) set_conn_connectpath: service IPC$, connectpath = /tmp
[2006/11/08 12:11:57, 3] smbd/service.c:make_connection_snum(751) Connect path is '/tmp' for service [IPC$]
[2006/11/08 12:11:57, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$
[2006/11/08 12:11:57, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
[2006/11/08 12:11:57, 10] lib/util_seaccess.c:se_access_check(231) se_access_check: requested access 0x00000002, for NT token with 19 entries and first sid S-1-22-1-130.
[2006/11/08 12:11:57, 3] lib/util_seaccess.c:se_access_check(250)
[2006/11/08 12:11:57, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-130 se_access_check: also S-1-22-2-15 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-12003 se_access_check: also S-1-22-2-121 se_access_check: also S-1-22-2-20 se_access_check: also S-1-22-2-209 se_access_check: also S-1-22-2-263 se_access_check: also S-1-22-2-219 se_access_check: also S-1-22-2-352 se_access_check: also S-1-22-2-0 se_access_check: also S-1-22-2-257 se_access_check: also S-1-22-2-1000 se_access_check: also S-1-22-2-369 se_access_check: also S-1-22-2-154 se_access_check: also S-1-22-2-400 se_access_check: also S-1-22-2-5000 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2
[2006/11/08 12:11:57, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted.
[2006/11/08 12:11:57, 3] smbd/vfs.c:vfs_init_default(219) Initialising default vfs hooks
[2006/11/08 12:11:57, 5] smbd/connection.c:claim_connection(170) claiming IPC$ 0
[2006/11/08 12:11:57, 10] smbd/share_access.c:user_ok_token(224) user_ok_token: share IPC$ is ok for unix user wwwutz
[2006/11/08 12:11:57, 10] smbd/share_access.c:is_share_read_only_for_token(265) is_share_read_only_for_user: share IPC$ is read-only for unix user wwwutz
[2006/11/08 12:11:57, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$
[2006/11/08 12:11:57, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
[2006/11/08 12:11:57, 10] lib/util_seaccess.c:se_access_check(231) se_access_check: requested access 0x00000001, for NT token with 19 entries and first sid S-1-22-1-130.
[2006/11/08 12:11:57, 3] lib/util_seaccess.c:se_access_check(250)
[2006/11/08 12:11:57, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-130 se_access_check: also S-1-22-2-15 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-12003 se_access_check: also S-1-22-2-121 se_access_check: also S-1-22-2-20 se_access_check: also S-1-22-2-209 se_access_check: also S-1-22-2-263 se_access_check: also S-1-22-2-219 se_access_check: also S-1-22-2-352 se_access_check: also S-1-22-2-0 se_access_check: also S-1-22-2-257 se_access_check: also S-1-22-2-1000 se_access_check: also S-1-22-2-369 se_access_check: also S-1-22-2-154 se_access_check: also S-1-22-2-400 se_access_check: also S-1-22-2-5000 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1
[2006/11/08 12:11:57, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted.
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (130, 15) - sec_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token of user S-1-22-1-130 contains 19 SIDs SID[ 0]: S-1-22-1-130 SID[ 1]: S-1-22-2-15 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-12003 SID[ 6]: S-1-22-2-121 SID[ 7]: S-1-22-2-20 SID[ 8]: S-1-22-2-209 SID[ 9]: S-1-22-2-263 SID[ 10]: S-1-22-2-219 SID[ 11]: S-1-22-2-352 SID[ 12]: S-1-22-2-0 SID[ 13]: S-1-22-2-257 SID[ 14]: S-1-22-2-1000 SID[ 15]: S-1-22-2-369 SID[ 16]: S-1-22-2-154 SID[ 17]: S-1-22-2-400 SID[ 18]: S-1-22-2-5000 SE_PRIV 0x0 0x0 0x0 0x0
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 130 Primary group is 15 and contains 15 supplementary groups Group[ 0]: 15 Group[ 1]: 12003 Group[ 2]: 121 Group[ 3]: 20 Group[ 4]: 209 Group[ 5]: 263 Group[ 6]: 219 Group[ 7]: 352 Group[ 8]: 0 Group[ 9]: 257 Group[ 10]: 1000 Group[ 11]: 369 Group[ 12]: 154 Group[ 13]: 400 Group[ 14]: 5000
[2006/11/08 12:11:57, 5] smbd/uid.c:change_to_user(259) change_to_user uid=(0,130) gid=(0,15)
[2006/11/08 12:11:57, 3] smbd/service.c:make_connection_snum(941) waldi (141.14.22.101) connect to service IPC$ initially as user wwwutz (uid=130, gid=15) (pid 2695)
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2006/11/08 12:11:57, 5] smbd/uid.c:change_to_root_user(274) change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/11/08 12:11:57, 2] smbd/reply.c:reply_tcon_and_X(711) Serving IPC$ as a Dfs root
[2006/11/08 12:11:57, 3] smbd/reply.c:reply_tcon_and_X(715) tconX service=IPC$
[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478)
[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=20736 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3 (0x3) smb_bcc=7
[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215)
[000] 49 50 43 00 00 00 00 IPC....
[2006/11/08 12:11:57, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: 60
[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 116
[2006/11/08 12:11:57, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x74
[2006/11/08 12:11:57, 3] smbd/process.c:process_smb(1110) Transaction 4 of length 120
[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478)
[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=116 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=2844 smb_uid=101 smb_mid=20800 smt_wct=15 smb_vwv[ 0]= 48 (0x30) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 48 (0x30) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 16 (0x10) smb_bcc=51
[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215)
[000] 00 00 00 03 00 5C 00 77 00 61 00 72 00 74 00 68 .....\.w .a.r.t.h
[010] 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 6D 00 65 .o.l.e.\ .m.a.m.e
[020] 00 70 00 69 00 6D 00 61 00 67 00 65 00 73 00 5C .p.i.m.a .g.e.s.\
[030] 00 00 00 ...
[2006/11/08 12:11:57, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 2695) conn 0x14028a050
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (130, 15) - sec_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token of user S-1-22-1-130 contains 19 SIDs SID[ 0]: S-1-22-1-130 SID[ 1]: S-1-22-2-15 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-12003 SID[ 6]: S-1-22-2-121 SID[ 7]: S-1-22-2-20 SID[ 8]: S-1-22-2-209 SID[ 9]: S-1-22-2-263 SID[ 10]: S-1-22-2-219 SID[ 11]: S-1-22-2-352 SID[ 12]: S-1-22-2-0 SID[ 13]: S-1-22-2-257 SID[ 14]: S-1-22-2-1000 SID[ 15]: S-1-22-2-369 SID[ 16]: S-1-22-2-154 SID[ 17]: S-1-22-2-400 SID[ 18]: S-1-22-2-5000 SE_PRIV 0x0 0x0 0x0 0x0
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 130 Primary group is 15 and contains 15 supplementary groups Group[ 0]: 15 Group[ 1]: 12003 Group[ 2]: 121 Group[ 3]: 20 Group[ 4]: 209 Group[ 5]: 263 Group[ 6]: 219 Group[ 7]: 352 Group[ 8]: 0 Group[ 9]: 257 Group[ 10]: 1000 Group[ 11]: 369 Group[ 12]: 154 Group[ 13]: 400 Group[ 14]: 5000
[2006/11/08 12:11:57, 5] smbd/uid.c:change_to_user(259) change_to_user uid=(0,130) gid=(0,15)
[2006/11/08 12:11:57, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /tmp
[2006/11/08 12:11:57, 10] smbd/trans2.c:call_trans2getdfsreferral(4932) call_trans2getdfsreferral
[2006/11/08 12:11:57, 10] smbd/msdfs.c:parse_dfs_path(44) temp in parse_dfs_path: .warthole\mamepimages. after trimming \'s
[2006/11/08 12:11:57, 10] smbd/msdfs.c:parse_dfs_path(54) parse_dfs_path: hostname: warthole
[2006/11/08 12:11:57, 10] smbd/msdfs.c:setup_dfs_referral(834) max_referral_level :3
[2006/11/08 12:11:57, 10] smbd/msdfs.c:setup_ver3_dfs_referral(711) setting up version3 referral
[2006/11/08 12:11:57, 10] smbd/msdfs.c:setup_ver3_dfs_referral(715)
[2006/11/08 12:11:57, 0] lib/util.c:dump_data(2215)
[000] 5C 00 77 00 61 00 72 00 74 00 68 00 6F 00 6C 00 \.w.a.r. t.h.o.l.
[010] 65 00 5C 00 6D 00 61 00 6D 00 65 00 70 00 69 00 e.\.m.a. m.e.p.i.
[020] 6D 00 61 00 67 00 65 00 73 00 5C 00 00 00 m.a.g.e. s.\...
[2006/11/08 12:11:57, 10] smbd/msdfs.c:setup_ver3_dfs_referral(724) referral 0 : \warthole\mamepimages\
[2006/11/08 12:11:57, 10] smbd/msdfs.c:setup_dfs_referral(854) DFS Referral pdata:
[2006/11/08 12:11:57, 0] lib/util.c:dump_data(2215)
[000] 2C 00 01 00 03 00 00 00 03 00 22 00 01 00 00 00 ,....... ..".....
[010] 58 02 00 00 22 00 50 00 7E 00 00 00 00 00 00 00 X...".P. ~.......
[020] 00 00 00 00 00 00 00 00 00 00 5C 00 77 00 61 00 ........ ..\.w.a.
[030] 72 00 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 r.t.h.o. l.e.\.m.
[040] 61 00 6D 00 65 00 70 00 69 00 6D 00 61 00 67 00 a.m.e.p. i.m.a.g.
[050] 65 00 73 00 5C 00 00 00 5C 00 77 00 61 00 72 00 e.s.\... \.w.a.r.
[060] 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 t.h.o.l. e.\.m.a.
[070] 6D 00 65 00 70 00 69 00 6D 00 61 00 67 00 65 00 m.e.p.i. m.a.g.e.
[080] 73 00 5C 00 00 00 5C 00 77 00 61 00 72 00 74 00 s.\...\. w.a.r.t.
[090] 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 6D 00 h.o.l.e. \.m.a.m.
[0A0] 65 00 70 00 69 00 6D 00 61 00 67 00 65 00 73 00 e.p.i.m. a.g.e.s.
[0B0] 5C 00 00 00 \...
[2006/11/08 12:11:57, 9] smbd/trans2.c:send_trans2_replies(689) t2_rep: params_sent_thistime = 0, data_sent_thistime = 180, useable_space = 131012
[2006/11/08 12:11:57, 9] smbd/trans2.c:send_trans2_replies(691) t2_rep: params_to_send = 0, data_to_send = 180, paramsize = 0, datasize = 180
[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478)
[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=236 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55361 smb_tid=1 smb_pid=2844 smb_uid=101 smb_mid=20800 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 180 (0xB4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 180 (0xB4) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=181
[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215)
[000] 00 2C 00 01 00 03 00 00 00 03 00 22 00 01 00 00 .,...... ..."....
[010] 00 58 02 00 00 22 00 50 00 7E 00 00 00 00 00 00 .X...".P .~......
[020] 00 00 00 00 00 00 00 00 00 00 00 5C 00 77 00 61 ........ ...\.w.a
[030] 00 72 00 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D .r.t.h.o .l.e.\.m
[040] 00 61 00 6D 00 65 00 70 00 69 00 6D 00 61 00 67 .a.m.e.p .i.m.a.g
[050] 00 65 00 73 00 5C 00 00 00 5C 00 77 00 61 00 72 .e.s.\.. .\.w.a.r
[060] 00 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 .t.h.o.l .e.\.m.a
[070] 00 6D 00 65 00 70 00 69 00 6D 00 61 00 67 00 65 .m.e.p.i .m.a.g.e
[080] 00 73 00 5C 00 00 00 5C 00 77 00 61 00 72 00 74 .s.\...\ .w.a.r.t
[090] 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 6D .h.o.l.e .\.m.a.m
[0A0] 00 65 00 70 00 69 00 6D 00 61 00 67 00 65 00 73 .e.p.i.m .a.g.e.s
[0B0] 00 5C 00 00 00 .\...
[2006/11/08 12:11:57, 10] smbd/process.c:setup_select_timeout(1284) change_notify_timeout: 60
[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 96
[2006/11/08 12:11:57, 6] smbd/process.c:process_smb(1109) got message type 0x0 of len 0x60
[2006/11/08 12:11:57, 3] smbd/process.c:process_smb(1110) Transaction 5 of length 100
[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478)
[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) size=96 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=20864 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=53
[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215)
[000] 00 5C 00 5C 00 57 00 41 00 52 00 54 00 48 00 4F .\.\.W.A .R.T.H.O
[010] 00 4C 00 45 00 5C 00 4D 00 41 00 4D 00 45 00 50 .L.E.\.M .A.M.E.P
[020] 00 49 00 4D 00 41 00 47 00 45 00 53 00 00 00 3F .I.M.A.G .E.S...?
[030] 3F 3F 3F 3F 00 ????.
[2006/11/08 12:11:57, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 2695) conn 0x0
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2006/11/08 12:11:57, 5] smbd/uid.c:change_to_root_user(274) change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/11/08 12:11:57, 4] smbd/reply.c:reply_tcon_and_X(668) Client requested device type [?????] for share [MAMEPIMAGES]
[2006/11/08 12:11:57, 5] smbd/service.c:make_connection(1116) making a connection to 'normal' service mamepimages
[2006/11/08 12:11:57, 10] smbd/share_access.c:user_ok_token(224) user_ok_token: share mamepimages is ok for unix user wwwutz
[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user wwwutz
[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is wwwutz
[2006/11/08 12:11:57, 10] lib/util_pw.c:getpwnam_alloc(76) Got wwwutz from pwnam_cache
[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_internals(107) Get_Pwnam_internals did find user [wwwutz]!
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name)
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2006/11/08 12:11:57, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) getsampwnam (smbpasswd): search by name: imgdata
[2006/11/08 12:11:57, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd
[2006/11/08 12:11:57, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) getsmbfilepwent: end of file reached.
[2006/11/08 12:11:57, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file.
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name)
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_uid(1209) sid_to_uid: S-1-22-1-1087 -> 1087
[2006/11/08 12:11:57, 10] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [imgdata]
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 372 -> S-1-22-2-372
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 392 -> S-1-22-2-392
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-1-1087]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-372]
[2006/11/08 12:11:57, 5] lib/privileges.c:get_privileges_for_sids(458) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-2]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-11]
[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-392]
[2006/11/08 12:11:57, 3] smbd/service.c:make_connection_snum(672) Forced user imgdata
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: WARTHOLE\abt_her => WARTHOLE (domain), abt_her (name)
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix Group\abt_her => Unix Group (domain), abt_her (name)
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) sid_to_gid: S-1-22-2-9000 -> 9000
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name)
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2006/11/08 12:11:57, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) getsampwnam (smbpasswd): search by name: imgdata
[2006/11/08 12:11:57, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd
[2006/11/08 12:11:57, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) getsmbfilepwent: end of file reached.
[2006/11/08 12:11:57, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) endsmbfilepwent_internal: closed password file.
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name)
[2006/11/08 12:11:57, 10] lib/util_pw.c:getpwnam_alloc(76) Got imgdata from pwnam_cache
[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_uid(1209) sid_to_uid: S-1-22-1-1087 -> 1087
[2006/11/08 12:11:57, 10] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [imgdata]
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2006/11/08 12:11:58, 3] smbd/sec_ctx.c:pop_sec_ctx(338) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/08 12:11:58, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 372 -> S-1-22-2-372
[2006/11/08 12:11:58, 10] passdb/lookup_sid.c:gid_to_sid(1136) gid_to_sid: local 392 -> S-1-22-2-392
[2006/11/08 12:11:58, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-1-1087]
[2006/11/08 12:11:58, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-372]
[2006/11/08 12:11:58, 5] lib/privileges.c:get_privileges_for_sids(458) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0
[2006/11/08 12:11:58, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-2]
[2006/11/08 12:11:58, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-5-11]
[2006/11/08 12:11:58, 3] lib/privileges.c:get_privileges(260) get_privileges: No privileges assigned to SID [S-1-22-2-392]
[2006/11/08 12:11:58, 10] smbd/service.c:make_connection_snum(736) Could not convert SID S-1-22-1-1087 to gid, ignoring it
[2006/11/08 12:11:58, 0] lib/fault.c:fault_report(41) ===============================================================
[2006/11/08 12:11:58, 0] lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 11 in pid 2695 (3.0.23c) Please read the Trouble-Shooting section of the Samba3-HOWTO
[2006/11/08 12:11:58, 0] lib/fault.c:fault_report(44) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2006/11/08 12:11:58, 0] lib/fault.c:fault_report(45) ===============================================================
[2006/11/08 12:11:58, 0] lib/util.c:smb_panic(1591) PANIC (pid 2695): internal error
[2006/11/08 12:11:58, 0] lib/util.c:log_stack_trace(1749) unable to produce a stack trace on this platform
[2006/11/08 12:11:58, 0] lib/fault.c:dump_core(173) dumping core in /var/samba/cores/smbd