The Samba-Bugzilla – Attachment 2202 Details for
Bug 4214
smbd 3.0.21c up to 3.0.24-svn trash memory
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
level 10 logile string overflow WinXP -> OSF smbd
samba-crash-1.log (text/plain), 603.16 KB, created by
Peter Marquardt
on 2006-11-08 05:36:42 UTC
(
hide
)
Description:
level 10 logile string overflow WinXP -> OSF smbd
Filename:
MIME Type:
Creator:
Peter Marquardt
Created:
2006-11-08 05:36:42 UTC
Size:
603.16 KB
patch
obsolete
>[2006/11/08 12:11:52, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 > > file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006 > >[2006/11/08 12:11:52, 5] auth/auth_util.c:make_user_info_map(160) > make_user_info_map: Mapping user [lab-rr]\[wwwutz] from workstation [WALDI] >[2006/11/08 12:11:52, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = TDOMCACHE/TIMESTAMP, value = 1162983779, timeout = Wed Nov 8 12:12:59 2006 >[2006/11/08 12:11:52, 10] libsmb/trustdom_cache.c:update_trustdom_cache(326) > update_trustdom_cache: not time to update trustdom_cache yet >[2006/11/08 12:11:52, 10] lib/gencache.c:gencache_get(312) > Cache entry with key = TDOM/LAB-RR couldn't be found >[2006/11/08 12:11:52, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) > no entry for trusted domain lab-rr found. >[2006/11/08 12:11:52, 5] auth/auth_util.c:make_user_info(75) > attempting to make a user_info for wwwutz (wwwutz) >[2006/11/08 12:11:52, 5] auth/auth_util.c:make_user_info(85) > making strings for wwwutz's user_info struct >[2006/11/08 12:11:52, 5] auth/auth_util.c:make_user_info(117) > making blobs for wwwutz's user_info struct >[2006/11/08 12:11:52, 10] auth/auth_util.c:make_user_info(135) > made an encrypted user_info for wwwutz (wwwutz) >[2006/11/08 12:11:52, 3] auth/auth.c:check_ntlm_password(220) > check_ntlm_password: Checking password for unmapped user [lab-rr]\[wwwutz]@[WALDI] with the new password interface >[2006/11/08 12:11:52, 3] auth/auth.c:check_ntlm_password(223) > check_ntlm_password: mapped user is: [LAB-RR]\[wwwutz]@[WALDI] >[2006/11/08 12:11:52, 10] auth/auth.c:check_ntlm_password(232) > check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >[2006/11/08 12:11:52, 10] auth/auth.c:check_ntlm_password(235) > challenge is: >[2006/11/08 12:11:52, 5] lib/util.c:dump_data(2215) > [000] 32 D9 42 61 11 F7 C6 F3 2.Ba.... >[2006/11/08 12:11:52, 10] auth/auth.c:check_ntlm_password(261) > check_ntlm_password: guest had nothing to say >[2006/11/08 12:11:52, 8] lib/util.c:is_myname(2036) > is_myname("LAB-RR") returns 0 >[2006/11/08 12:11:52, 6] auth/auth_sam.c:check_samstrict_security(412) > check_samstrict_security: LAB-RR is not one of my local names (ROLE_DOMAIN_MEMBER) >[2006/11/08 12:11:52, 10] auth/auth.c:check_ntlm_password(261) > check_ntlm_password: sam had nothing to say >[2006/11/08 12:11:52, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:52, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:52, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:52, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:52, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:52, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:52, 8] libsmb/namequery.c:get_sorted_dc_list(1550) > get_sorted_dc_list: attempting lookup using [lmhosts wins host bcast] >[2006/11/08 12:11:52, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = SAF/DOMAIN/LAB-RR, value = ESKUELL, timeout = Wed Nov 8 12:23:09 2006 >[2006/11/08 12:11:52, 5] libsmb/namequery.c:saf_fetch(107) > saf_fetch: Returning "ESKUELL" for "LAB-RR" domain >[2006/11/08 12:11:52, 3] libsmb/namequery.c:get_dc_list(1426) > get_dc_list: preferred server list: "ESKUELL, *" >[2006/11/08 12:11:52, 10] libsmb/namequery.c:internal_resolve_name(1132) > internal_resolve_name: looking up LAB-RR#1c >[2006/11/08 12:11:52, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = NBT/LAB-RR#1C, value = 141.14.16.97:0,141.14.17.120:0,141.14.17.130:0,141.14.19.244:0, timeout = Wed Nov 8 12:13:59 2006 >[2006/11/08 12:11:52, 5] libsmb/namecache.c:namecache_fetch(201) > name LAB-RR#1C found. >[2006/11/08 12:11:52, 8] libsmb/namequery.c:get_dc_list(1441) > Adding 4 DC's from auto lookup >[2006/11/08 12:11:52, 10] libsmb/namequery.c:internal_resolve_name(1132) > internal_resolve_name: looking up ESKUELL#20 >[2006/11/08 12:11:52, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = NBT/ESKUELL#20, value = 141.14.16.97:0, timeout = Wed Nov 8 12:13:59 2006 >[2006/11/08 12:11:52, 5] libsmb/namecache.c:namecache_fetch(201) > name ESKUELL#20 found. >[2006/11/08 12:11:52, 10] libsmb/namequery.c:remove_duplicate_addrs2(408) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2006/11/08 12:11:52, 4] libsmb/namequery.c:get_dc_list(1528) > get_dc_list: returning 4 ip addresses in an ordered list >[2006/11/08 12:11:52, 4] libsmb/namequery.c:get_dc_list(1530) > get_dc_list: 141.14.16.97:0 141.14.17.120:0 141.14.17.130:0 141.14.19.244:0 >[2006/11/08 12:11:52, 10] libsmb/namequery.c:name_status_find(275) > name_status_find: looking up LAB-RR#1c at 141.14.16.97 >[2006/11/08 12:11:52, 10] lib/gencache.c:gencache_get(312) > Cache entry with key = NBT/LAB-RR#1C.20.141.14.16.97 couldn't be found >[2006/11/08 12:11:52, 5] libsmb/namecache.c:namecache_status_fetch(308) > namecache_status_fetch: no entry for NBT/LAB-RR#1C.20.141.14.16.97 found. >[2006/11/08 12:11:52, 10] lib/gencache.c:gencache_del(218) > Deleting cache entry (key = NBT/LAB-RR#1C.20.141.14.16.97) >[2006/11/08 12:11:52, 10] lib/util_sock.c:open_socket_in(839) > bind succeeded on port 0 >[2006/11/08 12:11:52, 5] libsmb/nmblib.c:send_udp(776) > Sending a packet of len 50 to (141.14.16.97) on port 137 >[2006/11/08 12:11:52, 10] lib/util_sock.c:read_udp_socket(293) > read_udp_socket: lastip 141.14.16.97 lastport 137 read: 301 >[2006/11/08 12:11:52, 10] libsmb/nmblib.c:parse_nmb(506) > parse_nmb: packet id = 26725 >[2006/11/08 12:11:52, 5] libsmb/nmblib.c:read_packet(754) > Received a packet of len 301 from (141.14.16.97) port 137 >[2006/11/08 12:11:52, 4] libsmb/nmblib.c:debug_nmb_packet(112) > nmb packet from 141.14.16.97(137) header: id=26725 opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=LAB-RR<1c> rr_type=33 rr_class=1 ttl=0 > answers 0 char .ESKUELL hex 0A45534B55454C4C2020202020202020 > answers 10 char .D.LAB-RR hex 0044004C41422D525220202020202020 > answers 20 char ...LAB-RR hex 202000C4004C41422D52522020202020 > answers 30 char ...ESKUELL hex 202020201CC40045534B55454C4C2020 > answers 40 char D.LAB-RR hex 2020202020202044004C41422D525220 > answers 50 char .D.ESKUE hex 20202020202020201B440045534B5545 > answers 60 char LL .D.ADM hex 4C4C202020202020202003440041444D > answers 70 char INISTRATOR .D.L hex 494E4953545241544F5220200344004C > answers 80 char AB-RR .. hex 41422D52522020202020202020201EC4 > answers 90 char .LAB-RR hex 004C41422D5252202020202020202020 > answers a0 char .D...__MSBROWSE_ hex 1D440001025F5F4D5342524F5753455F > answers b0 char _........]...... hex 5F0201C4000000F8025D840000000000 > answers c0 char ................ hex 00000000000000000000000000000000 > answers d0 char ................ hex 00000000000000000000000000000000 > answers e0 char ... hex 000000 >[2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) > ESKUELL#00: flags = 0x44 >[2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#00: flags = 0xc4 >[2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1c: flags = 0xc4 >[2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) > ESKUELL#20: flags = 0x44 >[2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1b: flags = 0x44 >[2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) > ESKUELL#03: flags = 0x44 >[2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) > ADMINISTRATOR#03: flags = 0x44 >[2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1e: flags = 0xc4 >[2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1d: flags = 0x44 >[2006/11/08 12:11:52, 10] libsmb/namequery.c:parse_node_status(157) > __MSBROWSE__#01: flags = 0xc4 >[2006/11/08 12:11:52, 10] libsmb/namequery.c:name_status_find(315) > name_status_find: name found, name ESKUELL ip address is 141.14.16.97 >[2006/11/08 12:11:52, 3] libsmb/namequery_dc.c:rpc_dc_name(116) > rpc_dc_name: Returning DC ESKUELL (141.14.16.97) for domain LAB-RR >[2006/11/08 12:11:52, 10] passdb/secrets.c:secrets_named_mutex(779) > secrets_named_mutex: got mutex for ESKUELL >[2006/11/08 12:11:52, 3] libsmb/cliconnect.c:cli_start_connection(1417) > Connecting to host=ESKUELL >[2006/11/08 12:11:52, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 141.14.16.97 at port 445 >[2006/11/08 12:11:52, 2] lib/util_sock.c:open_socket_out(910) > error connecting to 141.14.16.97:445 (Connection refused) >[2006/11/08 12:11:52, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 141.14.16.97 at port 139 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 0 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 0 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 4 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 8 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEPORT = 0 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 33580 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 33580 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1460 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2006/11/08 12:11:52, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,72) >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,72) wrote 72 >[2006/11/08 12:11:52, 5] libsmb/cliconnect.c:cli_session_request(1262) > Sent session request >[2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 0 >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=0 > smb_com=0x0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=0 > smb_flg2=0 > smb_tid=0 > smb_pid=0 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,183) >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,183) wrote 183 >[2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 91 >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=91 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=7198 > smb_uid=0 > smb_mid=2 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=65283 (0xFF03) > smb_vwv[ 2]= 257 (0x101) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 17 (0x11) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 67 (0x43) > smb_vwv[11]=53248 (0xD000) > smb_vwv[12]=58492 (0xE47C) > smb_vwv[13]= 9947 (0x26DB) > smb_vwv[14]=50947 (0xC703) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 2303 (0x8FF) > smb_bcc=22 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 0B 57 DB 64 BB 57 6D FA 4C 00 41 00 42 00 2D 00 .W.d.Wm. L.A.B.-. > [010] 52 00 52 00 00 00 R.R... >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=91 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=7198 > smb_uid=0 > smb_mid=2 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=65283 (0xFF03) > smb_vwv[ 2]= 257 (0x101) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 17 (0x11) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 67 (0x43) > smb_vwv[11]=53248 (0xD000) > smb_vwv[12]=58492 (0xE47C) > smb_vwv[13]= 9947 (0x26DB) > smb_vwv[14]=50947 (0xC703) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 2303 (0x8FF) > smb_bcc=22 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 0B 57 DB 64 BB 57 6D FA 4C 00 41 00 42 00 2D 00 .W.d.Wm. L.A.B.-. > [010] 52 00 52 00 00 00 R.R... >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,92) >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,92) wrote 92 >[2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=7198 > smb_uid=4099 > smb_mid=3 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 124 (0x7C) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=83 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N > [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a > [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. > [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R > [050] 00 00 00 ... >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=7198 > smb_uid=4099 > smb_mid=3 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 124 (0x7C) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=83 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N > [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a > [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. > [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R > [050] 00 00 00 ... >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,82) >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,82) wrote 82 >[2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 48 >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=4 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 49 50 43 00 00 00 00 IPC.... >[2006/11/08 12:11:52, 10] libsmb/clientgen.c:cli_init_creds(233) > cli_init_creds: user domain >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,108) >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,108) wrote 108 >[2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=5 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 768 (0x300) > smb_vwv[ 3]= 264 (0x108) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2040) > Bind RPC Pipe[803]: \NETLOGON auth_type 0, auth_level 0 >[2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. > [010] 01 00 00 00 .... >[2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 12345678 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1234 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : abcd >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : ef 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 01 23 45 67 cf fb >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000001 >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x803 >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 2051 (0x803) > smb_bcc=87 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,158) >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,158) wrote 158 >[2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... > [010] 00 B8 10 B8 10 33 79 06 00 0C 00 5C 50 49 50 45 .....3y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... > [010] 00 B8 10 B8 10 33 79 06 00 0C 00 5C 50 49 50 45 .....3y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x803 returned 68 bytes. >[2006/11/08 12:11:52, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2077) > rpc_pipe_bind: Remote machine ESKUELL pipe \NETLOGON fnum 0x803 bind request returned ok. >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00067933 >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2270) > cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine ESKUELL and bound anonymously. >[2006/11/08 12:11:52, 4] passdb/secrets.c:secrets_fetch_trust_account_password(285) > Using cleartext machine password >[2006/11/08 12:11:52, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(45) > cli_net_req_chal: LSA Request Challenge from WARTHOLE to \\ESKUELL >[2006/11/08 12:11:52, 5] rpc_parse/parse_net.c:init_q_req_chal(679) > init_q_req_chal: 679 >[2006/11/08 12:11:52, 5] rpc_parse/parse_net.c:init_q_req_chal(688) > init_q_req_chal: 688 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_req_chal >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer: 00000001 >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.E.S.K.U.E.L.L... >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unistr2 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_max_len: 00000009 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 offset : 00000000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_str_len: 00000009 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0030 buffer : W.A.R.T.H.O.L.E... >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000042 smb_io_chal >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0042 data: ce 0b 62 ec 24 9f 25 4f >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0062 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000004a >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0004 >[2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x803 >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 98 (0x62) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 98 (0x62) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 2051 (0x803) > smb_bcc=113 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 62 00 00 00 02 00 00 00 4A .......b .......J > [020] 00 00 00 00 00 04 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 45 00 53 00 4B .......\ .\.E.S.K > [040] 00 55 00 45 00 4C 00 4C 00 00 00 09 00 00 00 00 .U.E.L.L ........ > [050] 00 00 00 09 00 00 00 57 00 41 00 52 00 54 00 48 .......W .A.R.T.H > [060] 00 4F 00 4C 00 45 00 00 00 CE 0B 62 EC 24 9F 25 .O.L.E.. ...b.$.% > [070] 4F O >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,184) >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,184) wrote 184 >[2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 92 >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 62 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 b....... .$...... > [010] 00 0C 00 00 00 00 00 00 00 65 67 46 A9 00 00 00 ........ .egF.... > [020] 00 00 00 00 00 ..... >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 62 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 b....... .$...... > [010] 00 0C 00 00 00 00 00 00 00 65 67 46 A9 00 00 00 ........ .egF.... > [020] 00 00 00 00 00 ..... >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0024 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000000c >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 >[2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 36 at offset 0 >[2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x803 returned 24 bytes. >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_req_chal >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0000 data: 65 67 46 a9 00 00 00 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0008 status: NT_STATUS_OK >[2006/11/08 12:11:52, 10] libsmb/credentials.c:creds_client_init(286) > creds_client_init: neg_flags : 400701ff >[2006/11/08 12:11:52, 10] libsmb/credentials.c:creds_client_init(287) > creds_client_init: client chal : CE0B62EC249F254F >[2006/11/08 12:11:52, 10] libsmb/credentials.c:creds_client_init(288) > creds_client_init: server chal : 656746A900000000 >[2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_init_64(117) > creds_init_64 >[2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_init_64(118) > clnt_chal_in: CE0B62EC249F254F >[2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_init_64(119) > srv_chal_in : 656746A900000000 >[2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_init_64(120) > clnt+srv : 3373A895249F254F >[2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_init_64(121) > sess_key_out : A5265A73A6B9A3A4 >[2006/11/08 12:11:52, 10] libsmb/credentials.c:creds_client_init(306) > creds_client_init: clnt : B4ECD6436F1909A5 >[2006/11/08 12:11:52, 10] libsmb/credentials.c:creds_client_init(307) > creds_client_init: server : D35C4D9DEB7F5947 >[2006/11/08 12:11:52, 10] libsmb/credentials.c:creds_client_init(308) > creds_client_init: seed : B4ECD6436F1909A5 >[2006/11/08 12:11:52, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(168) > cli_net_auth2: srv:\\ESKUELL acct:WARTHOLE$ sc:2 mc: WARTHOLE neg: 400701ff >[2006/11/08 12:11:52, 5] rpc_parse/parse_net.c:init_q_auth_2(800) > init_q_auth_2: 800 >[2006/11/08 12:11:52, 5] rpc_parse/parse_misc.c:init_log_info(1409) > make_log_info 1409 >[2006/11/08 12:11:52, 5] rpc_parse/parse_net.c:init_q_auth_2(806) > init_q_auth_2: 806 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_auth_2 >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_log_info >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer: 00000001 >[2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.E.S.K.U.E.L.L... >[2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unistr2 unistr2 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_max_len: 0000000a >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 offset : 00000000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_str_len: 0000000a >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0030 buffer : W.A.R.T.H.O.L.E.$... >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0044 sec_chan: 0002 >[2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000046 smb_io_unistr2 unistr2 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 uni_max_len: 00000009 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c offset : 00000000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 uni_str_len: 00000009 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0054 buffer : W.A.R.T.H.O.L.E... >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000066 smb_io_chal >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0066 data: b4 ec d6 43 6f 19 09 a5 >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00006e net_io_neg_flags >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 neg_flags: 400701ff >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 008c >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000074 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 000f >[2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x803 >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=222 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 140 (0x8C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 140 (0x8C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 2051 (0x803) > smb_bcc=155 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 8C 00 00 00 03 00 00 00 74 ........ .......t > [020] 00 00 00 00 00 0F 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 45 00 53 00 4B .......\ .\.E.S.K > [040] 00 55 00 45 00 4C 00 4C 00 00 00 0A 00 00 00 00 .U.E.L.L ........ > [050] 00 00 00 0A 00 00 00 57 00 41 00 52 00 54 00 48 .......W .A.R.T.H > [060] 00 4F 00 4C 00 45 00 24 00 00 00 02 00 00 00 09 .O.L.E.$ ........ > [070] 00 00 00 00 00 00 00 09 00 00 00 57 00 41 00 52 ........ ...W.A.R > [080] 00 54 00 48 00 4F 00 4C 00 45 00 00 00 B4 EC D6 .T.H.O.L .E...... > [090] 43 6F 19 09 A5 00 00 FF 01 07 40 Co...... ..@ >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,226) >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,226) wrote 226 >[2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 96 >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 8C 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 D3 5C 4D 9D EB 7F 59 ........ ..\M...Y > [020] 47 FF 01 00 40 00 00 00 00 G...@... . >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 8C 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 D3 5C 4D 9D EB 7F 59 ........ ..\M...Y > [020] 47 FF 01 00 40 00 00 00 00 G...@... . >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0028 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000010 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 >[2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 40 at offset 0 >[2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x803 returned 32 bytes. >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_auth_2 >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0000 data: d3 5c 4d 9d eb 7f 59 47 >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 net_io_neg_flags >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 neg_flags: 400001ff >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 000c status: NT_STATUS_OK >[2006/11/08 12:11:52, 10] libsmb/credentials.c:creds_client_check(325) > creds_client_check: credentials check OK. >[2006/11/08 12:11:52, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(344) > rpccli_netlogon_setup_creds: server ESKUELL credential chain established. >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,108) >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,108) wrote 108 >[2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=9 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 1024 (0x400) > smb_vwv[ 3]= 264 (0x108) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2040) > Bind RPC Pipe[804]: \NETLOGON auth_type 2, auth_level 6 >[2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. > [010] 01 00 00 00 .... >[2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_auth_schannel_neg schannel_neg >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 type1: 00000000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 type2: 00000003 >[2006/11/08 12:11:52, 6] lib/util.c:dump_data(2215) > [000] 4C 41 42 2D 52 52 LAB-RR >[2006/11/08 12:11:52, 6] lib/util.c:dump_data(2215) > [000] 57 41 52 54 48 4F 4C 45 WARTHOLE >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0068 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0018 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 12345678 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1234 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : abcd >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : ef 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 01 23 45 67 cf fb >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000001 >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0048 auth_type : 44 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0049 auth_level : 06 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004a auth_pad_len : 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004b auth_reserved: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c auth_context_id: 00000001 >[2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x804 >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=186 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=10 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 104 (0x68) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 2052 (0x804) > smb_bcc=119 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 68 00 18 00 04 00 00 00 B8 .......h ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ > [060] 00 00 00 03 00 00 00 4C 41 42 2D 52 52 00 57 41 .......L AB-RR.WA > [070] 52 54 48 4F 4C 45 00 RTHOLE. >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,190) >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,190) wrote 190 >[2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 144 >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 68 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 h....... .X...... > [010] 00 B8 10 B8 10 34 79 06 00 0C 00 5C 50 49 50 45 .....4y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 7A 19 00 ......z. . >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2006/11/08 12:11:52, 10] lib/util.c:dump_data(2215) > [000] 68 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 h....... .X...... > [010] 00 B8 10 B8 10 34 79 06 00 0C 00 5C 50 49 50 45 .....4y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 7A 19 00 ......z. . >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0058 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 000c >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 88 at offset 0 >[2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x804 returned 88 bytes. >[2006/11/08 12:11:52, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2077) > rpc_pipe_bind: Remote machine ESKUELL pipe \NETLOGON fnum 0x804 bind request returned ok. >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0058 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 000c >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00067934 >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2006/11/08 12:11:52, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2006/11/08 12:11:52, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2534) > cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine ESKUELL for domain LAB-RR and bound using schannel. >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,45) >[2006/11/08 12:11:52, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,45) wrote 45 >[2006/11/08 12:11:52, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:52, 5] lib/util.c:show_msg(481) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=11 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:52, 10] libsmb/clientgen.c:cli_rpc_pipe_close(383) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine ESKUELL >[2006/11/08 12:11:52, 10] libsmb/namequery.c:saf_store(70) > saf_store: domain = [LAB-RR], server = [ESKUELL], expire = [1162985212] >[2006/11/08 12:11:52, 10] lib/gencache.c:gencache_set(128) > Adding cache entry with key = SAF/DOMAIN/LAB-RR; value = ESKUELL and timeout = Wed Nov 8 12:26:52 2006 > (900 seconds ahead) >[2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_step(148) > sequence = 0x4551bb7a >[2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_step(150) > seed: B4ECD6436F1909A5 >[2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_step(155) > seed+seq 2EA828896F1909A5 >[2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_step(159) > CLIENT CC6E7587B9709673 >[2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_step(164) > seed+seq+1 2FA828896F1909A5 >[2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_step(168) > SERVER 32C0012425FC6999 >[2006/11/08 12:11:52, 5] libsmb/credentials.c:creds_reseed(238) > cred_reseed: seed 2FA828896F1909A5 >[2006/11/08 12:11:52, 5] rpc_parse/parse_net.c:init_id_info2(1181) > init_id_info2: 1181 >[2006/11/08 12:11:52, 5] rpc_parse/parse_misc.c:init_logon_id(1588) > make_logon_id: 1588 >[2006/11/08 12:11:52, 5] rpc_parse/parse_net.c:init_sam_info(1275) > init_sam_info: 1275 >[2006/11/08 12:11:52, 5] rpc_parse/parse_misc.c:init_clnt_info2(1503) > make_clnt_info: 1503 >[2006/11/08 12:11:52, 5] rpc_parse/parse_misc.c:init_clnt_srv(1348) > init_clnt_srv: 1348 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_sam_logon >[2006/11/08 12:11:52, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_sam_info >[2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_clnt_info2 >[2006/11/08 12:11:52, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_clnt_srv >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer : 00000001 >[2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.E.S.K.U.E.L.L... >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 undoc_buffer2: 00000001 >[2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_unistr2 unistr2 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 uni_max_len: 00000009 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c offset : 00000000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 uni_str_len: 00000009 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0034 buffer : W.A.R.T.H.O.L.E... >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 ptr_cred: 00000001 >[2006/11/08 12:11:52, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00004c smb_io_cred >[2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00004c smb_io_chal >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 004c data: cc 6e 75 87 b9 70 96 73 >[2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000054 smb_io_utime >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 time: 4551bb7a >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 ptr_rtn_cred : 00000001 >[2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_cred >[2006/11/08 12:11:52, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_chal >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 005c data: 00 00 00 00 00 00 00 00 >[2006/11/08 12:11:52, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000064 smb_io_utime >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 time: 00000000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 logon_level : 0002 >[2006/11/08 12:11:52, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00006a smb_io_sam_info_ctr logon_info >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a switch_value : 0002 >[2006/11/08 12:11:52, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00006c net_io_id_info2 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c ptr_id_info2: 00000001 >[2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000070 smb_io_unihdr unihdr >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0070 uni_str_len: 000c >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0072 uni_max_len: 000c >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 buffer : 00000001 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 param_ctrl: 00000820 >[2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00007c smb_io_logon_id >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c low : 0000dead >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 high: 0000beef >[2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000084 smb_io_unihdr unihdr >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0084 uni_str_len: 000c >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0086 uni_max_len: 000c >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 buffer : 00000001 >[2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00008c smb_io_unihdr unihdr >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008c uni_str_len: 000e >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008e uni_max_len: 000e >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0090 buffer : 00000001 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0094 lm_chal: 32 d9 42 61 11 f7 c6 f3 >[2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00009c smb_io_strhdr hdr_nt_chal_resp >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009c str_str_len: 0018 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009e str_max_len: 0018 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer : 00000001 >[2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000a4 smb_io_strhdr hdr_lm_chal_resp >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a4 str_str_len: 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a6 str_max_len: 0000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a8 buffer : 00000000 >[2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ac smb_io_unistr2 uni_domain_name >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac uni_max_len: 00000006 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 offset : 00000000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b4 uni_str_len: 00000006 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00b8 buffer : L.A.B.-.R.R. >[2006/11/08 12:11:52, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000c4 smb_io_unistr2 uni_user_name >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 uni_max_len: 00000006 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 offset : 00000000 >[2006/11/08 12:11:52, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc uni_str_len: 00000006 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00d0 buffer : w.w.w.u.t.z. >[2006/11/08 12:11:53, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000dc smb_io_unistr2 uni_wksta_name >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_max_len: 00000007 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e0 offset : 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e4 uni_str_len: 00000007 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e8 buffer : \.\.W.A.L.D.I. >[2006/11/08 12:11:53, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000f6 smb_io_string2 nt_chal_resp >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 str_max_len: 00000018 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc offset : 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 str_str_len: 00000018 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_string2(1096) > 0104 buffer : ...H..|.....H../.;.j.... >[2006/11/08 12:11:53, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00011c smb_io_string2 - NULL lm_chal_resp >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 011c validation_level: 0003 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0160 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0020 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000011e >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0002 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000138 smb_io_rpc_hdr_auth hdr_auth >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0138 auth_type : 44 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0139 auth_level : 06 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013a auth_pad_len : 02 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013b auth_reserved: 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c auth_context_id: 00000001 >[2006/11/08 12:11:53, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1356) > add_schannel_auth_footer: SCHANNEL seq_num=0 >[2006/11/08 12:11:53, 10] rpc_parse/parse_prs.c:schannel_encode(1633) > SCHANNEL: schannel_encode seq_num=0 data_len=288 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000140 smb_io_rpc_auth_schannel_chk >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0140 sig : 77 00 7a 00 ff ff 00 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0148 seq_num: 70 7e 98 6e a4 c7 1c d0 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0150 packet_digest: 38 da 46 05 ee 26 ec af >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0158 confounder: e5 c8 85 e4 74 73 c5 b1 >[2006/11/08 12:11:53, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x804 >[2006/11/08 12:11:53, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:53, 5] lib/util.c:show_msg(481) > size=434 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 352 (0x160) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 352 (0x160) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 2052 (0x804) > smb_bcc=367 >[2006/11/08 12:11:53, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 60 01 20 00 05 00 00 00 1E .......` . ...... > [020] 01 00 00 00 00 02 00 E9 7F 79 DA DD 61 0D 00 0A ........ .y..a... > [030] 27 B6 8E 6D 7C 57 87 C4 13 0F 16 82 69 B0 AA C2 '..m|W.. ....i... > [040] F1 FC 77 EF C1 B3 39 C0 F4 E3 84 70 54 27 CD 42 ..w...9. ...pT'.B > [050] 3B C2 89 76 49 4C EC 08 CC 47 66 9B 89 FA E9 24 ;..vIL.. .Gf....$ > [060] C0 90 13 C8 E9 85 19 29 1D C9 92 B7 47 C5 FF F1 .......) ....G... > [070] 5B 7C 68 1D 87 E6 B7 07 06 A7 60 BC 36 B2 1B 31 [|h..... ..`.6..1 > [080] 47 18 C1 AC B9 85 B1 D4 7D 42 A4 CB 65 50 B0 C8 G....... }B..eP.. > [090] F4 8C 07 0D 72 AA AF 3E 3C 3E 96 61 0D 71 8B C5 ....r..> <>.a.q.. > [0A0] B7 43 7F FA A8 4C 2B 70 43 23 FE 93 7D 0F CF B7 .C...L+p C#..}... > [0B0] E9 B1 60 CD EE E0 62 94 95 BA 8C 7C 9E 8C 3B 86 ..`...b. ...|..;. > [0C0] EE 6D 3C DA A1 30 DB F0 3F 77 38 47 E4 76 62 F0 .m<..0.. ?w8G.vb. > [0D0] 02 61 17 0C FD D1 8B 50 A8 E7 27 18 E4 2F FE 82 .a.....P ..'../.. > [0E0] 55 26 33 D5 42 92 58 BE D7 B5 F8 E7 A0 FD 18 C8 U&3.B.X. ........ > [0F0] FE D5 AD 49 F3 B5 BC 52 57 D4 8A C9 C2 91 09 91 ...I...R W....... > [100] 1D 78 8F 22 BD F7 1F C1 D6 22 8B F8 A8 5E 81 3C .x.".... ."...^.< > [110] E4 3B F2 00 D2 4A 9B 22 64 28 ED 3B BE E0 28 BA .;...J." d(.;..(. > [120] 1E 69 EA D0 07 E7 ED 46 45 32 AF CC 7E C9 12 6A .i.....F E2..~..j > [130] 21 B0 E1 EC D2 72 E4 7E 95 3A 90 DE 5E 0E 74 14 !....r.~ .:..^.t. > [140] F1 8B CF 25 59 6B 7A 44 06 02 00 01 00 00 00 77 ...%YkzD .......w > [150] 00 7A 00 FF FF 00 00 70 7E 98 6E A4 C7 1C D0 38 .z.....p ~.n....8 > [160] DA 46 05 EE 26 EC AF E5 C8 85 E4 74 73 C5 B1 .F..&... ...ts.. >[2006/11/08 12:11:53, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,438) >[2006/11/08 12:11:53, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,438) wrote 438 >[2006/11/08 12:11:53, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 456 >[2006/11/08 12:11:53, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:53, 5] lib/util.c:show_msg(481) > size=456 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 400 (0x190) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 400 (0x190) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=401 >[2006/11/08 12:11:53, 10] lib/util.c:dump_data(2215) > [000] 60 05 00 02 03 10 00 00 00 90 01 20 00 05 00 00 `....... ... .... > [010] 00 50 01 00 00 00 00 00 00 BC FB ED CD 0C EB F0 .P...... ........ > [020] E6 48 A7 2E 4C 8B BA D9 B8 4D B4 24 59 0D BE 34 .H..L... .M.$Y..4 > [030] 9B EA 94 83 C1 D9 E3 66 31 6B 2D B4 37 85 FE 47 .......f 1k-.7..G > [040] C0 9C 5B 68 8D 51 AC F5 86 BE 87 B7 25 9B 3B A0 ..[h.Q.. ....%.;. > [050] 6A 07 BC BB 77 65 0F FD E3 38 7D 51 24 1D 2C D6 j...we.. .8}Q$.,. > [060] 43 93 1B 2A 94 45 4C 2B 73 36 07 E0 65 0C 46 31 C..*.EL+ s6..e.F1 > [070] A3 68 CD B7 0E 5B C0 69 73 4C 16 D5 71 0E A0 AB .h...[.i sL..q... > [080] 68 5F 12 28 10 0F C8 4A 32 63 AA 23 DA 47 1C 57 h_.(...J 2c.#.G.W > [090] E5 D5 D3 0E 58 56 1A 2F 3E 7E E7 6E 67 2A C6 41 ....XV./ >~.ng*.A > [0A0] F2 7D 1A 30 56 D1 23 1E 07 65 3F E6 B8 CB 8C 31 .}.0V.#. .e?....1 > [0B0] 15 7B A0 80 0E 1B 8C 76 83 0E E1 4A 90 DD AB 1B .{.....v ...J.... > [0C0] 6F 85 C4 56 2F DD 2C 10 F4 05 FC 7B F1 32 2E ED o..V/.,. ...{.2.. > [0D0] 1A 21 C8 3D 77 89 15 AC 02 BF 5C D4 3B 7D D9 DC .!.=w... ..\.;}.. > [0E0] 90 79 51 A2 36 A1 99 B3 C0 7E C7 7A 2A D7 B8 EE .yQ.6... .~.z*... > [0F0] A1 46 88 96 08 80 B3 E2 42 31 DE BC C3 09 71 F1 .F...... B1....q. > [100] 22 FA 7E 38 49 5D 7D C4 86 3A FA 9D 20 34 BB 39 ".~8I]}. .:.. 4.9 > [110] 81 2C DC C8 F9 96 E6 90 64 8D EA D0 8A D2 84 CA .,...... d....... > [120] 06 F9 57 62 51 BF D9 AE F2 AB 66 DC 15 BA 11 8C ..WbQ... ..f..... > [130] 44 1A B4 4E C9 23 B7 FB 1D D4 80 61 7F D0 8E 76 D..N.#.. ...a...v > [140] CD 19 3B 63 77 16 8D CA 00 04 D9 92 D6 3E 84 8C ..;cw... .....>.. > [150] 9B 01 EB 64 AD 57 67 D4 B8 E9 91 82 D3 89 F6 68 ...d.Wg. .......h > [160] 5A 3F B1 F4 26 B4 C3 A0 85 44 06 00 00 01 00 00 Z?..&... .D...... > [170] 00 77 00 7A 00 FF FF 00 00 0C 5B 87 8E 63 1A 94 .w.z.... ..[..c.. > [180] 86 6C 46 5F A8 1A 4D 74 79 CD FA 36 9A 0E 37 10 .lF_..Mt y..6..7. > [190] E6 . >[2006/11/08 12:11:53, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:53, 5] lib/util.c:show_msg(481) > size=456 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 400 (0x190) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 400 (0x190) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=401 >[2006/11/08 12:11:53, 10] lib/util.c:dump_data(2215) > [000] 60 05 00 02 03 10 00 00 00 90 01 20 00 05 00 00 `....... ... .... > [010] 00 50 01 00 00 00 00 00 00 BC FB ED CD 0C EB F0 .P...... ........ > [020] E6 48 A7 2E 4C 8B BA D9 B8 4D B4 24 59 0D BE 34 .H..L... .M.$Y..4 > [030] 9B EA 94 83 C1 D9 E3 66 31 6B 2D B4 37 85 FE 47 .......f 1k-.7..G > [040] C0 9C 5B 68 8D 51 AC F5 86 BE 87 B7 25 9B 3B A0 ..[h.Q.. ....%.;. > [050] 6A 07 BC BB 77 65 0F FD E3 38 7D 51 24 1D 2C D6 j...we.. .8}Q$.,. > [060] 43 93 1B 2A 94 45 4C 2B 73 36 07 E0 65 0C 46 31 C..*.EL+ s6..e.F1 > [070] A3 68 CD B7 0E 5B C0 69 73 4C 16 D5 71 0E A0 AB .h...[.i sL..q... > [080] 68 5F 12 28 10 0F C8 4A 32 63 AA 23 DA 47 1C 57 h_.(...J 2c.#.G.W > [090] E5 D5 D3 0E 58 56 1A 2F 3E 7E E7 6E 67 2A C6 41 ....XV./ >~.ng*.A > [0A0] F2 7D 1A 30 56 D1 23 1E 07 65 3F E6 B8 CB 8C 31 .}.0V.#. .e?....1 > [0B0] 15 7B A0 80 0E 1B 8C 76 83 0E E1 4A 90 DD AB 1B .{.....v ...J.... > [0C0] 6F 85 C4 56 2F DD 2C 10 F4 05 FC 7B F1 32 2E ED o..V/.,. ...{.2.. > [0D0] 1A 21 C8 3D 77 89 15 AC 02 BF 5C D4 3B 7D D9 DC .!.=w... ..\.;}.. > [0E0] 90 79 51 A2 36 A1 99 B3 C0 7E C7 7A 2A D7 B8 EE .yQ.6... .~.z*... > [0F0] A1 46 88 96 08 80 B3 E2 42 31 DE BC C3 09 71 F1 .F...... B1....q. > [100] 22 FA 7E 38 49 5D 7D C4 86 3A FA 9D 20 34 BB 39 ".~8I]}. .:.. 4.9 > [110] 81 2C DC C8 F9 96 E6 90 64 8D EA D0 8A D2 84 CA .,...... d....... > [120] 06 F9 57 62 51 BF D9 AE F2 AB 66 DC 15 BA 11 8C ..WbQ... ..f..... > [130] 44 1A B4 4E C9 23 B7 FB 1D D4 80 61 7F D0 8E 76 D..N.#.. ...a...v > [140] CD 19 3B 63 77 16 8D CA 00 04 D9 92 D6 3E 84 8C ..;cw... .....>.. > [150] 9B 01 EB 64 AD 57 67 D4 B8 E9 91 82 D3 89 F6 68 ...d.Wg. .......h > [160] 5A 3F B1 F4 26 B4 C3 A0 85 44 06 00 00 01 00 00 Z?..&... .D...... > [170] 00 77 00 7A 00 FF FF 00 00 0C 5B 87 8E 63 1A 94 .w.z.... ..[..c.. > [180] 86 6C 46 5F A8 1A 4D 74 79 CD FA 36 9A 0E 37 10 .lF_..Mt y..6..7. > [190] E6 . >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0190 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0020 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000150 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000168 smb_io_rpc_hdr_auth hdr_auth >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0168 auth_type : 44 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0169 auth_level : 06 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 016a auth_pad_len : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 016b auth_reserved: 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 016c auth_context_id: 00000001 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000170 smb_io_rpc_auth_schannel_chk >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0170 sig : 77 00 7a 00 ff ff 00 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0178 seq_num: 0c 5b 87 8e 63 1a 94 86 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0180 packet_digest: 6c 46 5f a8 1a 4d 74 79 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0188 confounder: cd fa 36 9a 0e 37 10 e6 >[2006/11/08 12:11:53, 10] rpc_parse/parse_prs.c:schannel_decode(1710) > SCHANNEL: schannel_decode seq_num=1 data_len=336 >[2006/11/08 12:11:53, 10] rpc_parse/parse_prs.c:schannel_decode(1730) > SCHANNEL: schannel_decode seq_num=1 data_len=336 >[2006/11/08 12:11:53, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 400, data_len 336, ss_len 0 >[2006/11/08 12:11:53, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 400 at offset 0 >[2006/11/08 12:11:53, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x804 returned 672 bytes. >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_sam_logon >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 buffer_creds: 001b207c >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_cred >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_chal >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0004 data: 32 c0 01 24 25 fc 69 99 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00000c smb_io_utime >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c time: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 switch_value: 0003 >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 net_io_user_info3 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 ptr_user_info : 0015aed8 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time logon time >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : 6dc42ed0 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 01c70314 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time logoff time >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : ffffffff >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 7fffffff >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time kickoff time >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : ffffffff >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 7fffffff >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time last set time >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : e66ea200 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 01bb61e6 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_time can change time >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 low : e66ea200 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c high: 01bb61e6 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_time must change time >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 low : ffffffff >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 high: 7fffffff >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_user_name >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 00000000 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_full_name >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00000000 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_logon_script >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00000000 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_profile_path >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00000000 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_unihdr hdr_home_dir >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 uni_str_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a uni_max_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c buffer : 00000000 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000070 smb_io_unihdr hdr_dir_drive >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0070 uni_str_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0072 uni_max_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 buffer : 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0078 logon_count : 0419 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 007a bad_pw_count : 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_rid : 0000040d >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 group_rid : 00000417 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0084 num_groups : 00000002 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 buffer_groups : 0015afa4 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 008c user_flgs : 00000120 >[2006/11/08 12:11:53, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS > account has LOGON_NTLMV2_ENABLED >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0090 user_sess_key: 0d 92 21 6d ad d1 36 2e d3 7b ec 46 58 80 62 d3 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000a0 smb_io_unihdr hdr_logon_srv >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a0 uni_str_len: 000e >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a2 uni_max_len: 0010 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a4 buffer : 0015afcc >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000a8 smb_io_unihdr hdr_logon_dom >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a8 uni_str_len: 000c >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00aa uni_max_len: 000e >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac buffer : 0015afdc >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 buffer_dom_id : 0015afb4 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00b4 lm_sess_key: 6f eb 72 f2 51 2d c5 40 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc acct_flags : 00000000 >[2006/11/08 12:11:53, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc unkown: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 unkown: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 unkown: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 unkown: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc num_other_sids: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e0 buffer_other_sids: 00000000 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_user_name >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_full_name >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_logon_script >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_profile_path >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_home_dir >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_dir_drive >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e4 num_groups2 : 00000002 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e8 smb_io_gid >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e8 g_rid: 00000201 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ec attr : 00000007 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000f0 smb_io_gid >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 g_rid: 00000417 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 attr : 00000007 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000f8 smb_io_unistr2 uni_logon_srv >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 uni_max_len: 00000008 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc offset : 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 uni_str_len: 00000007 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0104 buffer : E.S.K.U.E.L.L. >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000112 smb_io_unistr2 uni_logon_dom >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0114 uni_max_len: 00000007 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 offset : 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c uni_str_len: 00000006 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0120 buffer : L.A.B.-.R.R. >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00012c smb_io_dom_sid2 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c num_auths: 00000004 >[2006/11/08 12:11:53, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000130 smb_io_dom_sid sid >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0130 sid_rev_num: 01 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0131 num_auths : 04 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0132 id_auth[0] : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0133 id_auth[1] : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0134 id_auth[2] : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0135 id_auth[3] : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0136 id_auth[4] : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0137 id_auth[5] : 05 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0138 sub_auths : 00000015 7b7e4147 61020126 26126b85 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0148 auth_resp : 00490001 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 014c status : NT_STATUS_OK >[2006/11/08 12:11:53, 10] libsmb/credentials.c:creds_client_check(325) > creds_client_check: credentials check OK. >[2006/11/08 12:11:53, 10] passdb/secrets.c:secrets_named_mutex_release(791) > secrets_named_mutex: released mutex for ESKUELL >[2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user LAB-RR\wwwutz >[2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is lab-rr\wwwutz >[2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(82) > Trying _Get_Pwnam(), username as given is LAB-RR\wwwutz >[2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(92) > Trying _Get_Pwnam(), username as uppercase is LAB-RR\WWWUTZ >[2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(101) > Checking combinations of 0 uppercase letters in lab-rr\wwwutz >[2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(107) > Get_Pwnam_internals didn't find user [LAB-RR\wwwutz]! >[2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user wwwutz >[2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is wwwutz >[2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(107) > Get_Pwnam_internals did find user [wwwutz]! >[2006/11/08 12:11:53, 5] auth/auth_util.c:fill_sam_account(1532) > fill_sam_account: located username was [wwwutz] >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_username(533) > pdb_set_username: setting username wwwutz, was >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_fullname(602) > pdb_set_full_name: setting full name Peter Marquardt,R031,1430,, was >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_domain(556) > pdb_set_domain: setting domain WARTHOLE, was >[2006/11/08 12:11:53, 4] lib/substitute.c:automount_server(407) > Home server: warthole >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_profile_path(648) > pdb_set_profile_path: setting profile path \\warthole\wwwutz\profile, was >[2006/11/08 12:11:53, 4] lib/substitute.c:automount_server(407) > Home server: warthole >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_homedir(695) > pdb_set_homedir: setting home dir \\warthole\wwwutz, was >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(671) > pdb_set_dir_drive: setting dir drive , was NULL >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_logon_script(625) > pdb_set_logon_script: setting logon script , was >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_user_sid(462) > pdb_set_user_sid: setting user sid S-1-5-21-3841262117-2652492237-290310771-1260 >[2006/11/08 12:11:53, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3841262117-2652492237-290310771-1260 from rid 1260 >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_nt_username(579) > pdb_set_nt_username: setting nt username wwwutz, was >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_username(533) > pdb_set_username: setting username wwwutz, was wwwutz >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_domain(556) > pdb_set_domain: setting domain LAB-RR, was WARTHOLE >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_user_sid(462) > pdb_set_user_sid: setting user sid S-1-5-21-2071871815-1627521318-638741381-1037 >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_group_sid(520) > pdb_set_group_sid: setting group sid S-1-5-21-3841262117-2652492237-290310771-513 >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_fullname(602) > pdb_set_full_name: setting full name , was Peter Marquardt,R031,1430, >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_logon_script(625) > pdb_set_logon_script: setting logon script , was >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_profile_path(648) > pdb_set_profile_path: setting profile path , was \\warthole\wwwutz\profile >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_homedir(695) > pdb_set_homedir: setting home dir , was \\warthole\wwwutz >[2006/11/08 12:11:53, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(671) > pdb_set_dir_drive: setting dir drive , was >[2006/11/08 12:11:53, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(134) > netsamlogon_cache_store: SID [S-1-5-21-2071871815-1627521318-638741381-1037] >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 timestamp: 4551bb79 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000004 net_io_user_info3 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr_user_info : 0015aed8 >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_time logon time >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 low : 6dc42ed0 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c high: 01c70314 >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_time logoff time >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 low : ffffffff >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 high: 7fffffff >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time kickoff time >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : ffffffff >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 7fffffff >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time last set time >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : e66ea200 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 01bb61e6 >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time can change time >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : e66ea200 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 01bb61e6 >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time must change time >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : ffffffff >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 7fffffff >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_unihdr hdr_user_name >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 uni_str_len: 000e >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a uni_max_len: 000e >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c buffer : 00000001 >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_unihdr hdr_full_name >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0040 uni_str_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0042 uni_max_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 buffer : 00000000 >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_logon_script >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 00000000 >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_profile_path >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00000000 >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_home_dir >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00000000 >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_dir_drive >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 logon_count : 0419 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a bad_pw_count : 0000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c user_rid : 0000040d >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 group_rid : 00000417 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 num_groups : 00000002 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 buffer_groups : 0015afa4 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_flgs : 00000120 >[2006/11/08 12:11:53, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS > account has LOGON_NTLMV2_ENABLED >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0080 user_sess_key: 09 94 83 62 f1 7d 25 a6 3b 56 b0 b6 7b 29 b5 d2 >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000090 smb_io_unihdr hdr_logon_srv >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0090 uni_str_len: 000e >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0092 uni_max_len: 0010 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0094 buffer : 0015afcc >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000098 smb_io_unihdr hdr_logon_dom >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0098 uni_str_len: 000c >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009a uni_max_len: 000e >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 009c buffer : 0015afdc >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer_dom_id : 0015afb4 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00a4 lm_sess_key: 6b ed d0 fd 0d 81 d6 c8 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac acct_flags : 00000000 >[2006/11/08 12:11:53, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 unkown: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b4 unkown: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 unkown: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc unkown: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc num_other_sids: 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 buffer_other_sids: 00000000 >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000d4 smb_io_unistr2 uni_user_name >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 uni_max_len: 00000007 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 offset : 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_str_len: 00000007 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e0 buffer : w.w.w.u.t.z... >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_full_name >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_logon_script >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_profile_path >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_home_dir >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_dir_drive >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 num_groups2 : 00000002 >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000f4 smb_io_gid >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 g_rid: 00000201 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 attr : 00000007 >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000fc smb_io_gid >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc g_rid: 00000417 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 attr : 00000007 >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000104 smb_io_unistr2 uni_logon_srv >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0104 uni_max_len: 00000008 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0108 offset : 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 010c uni_str_len: 00000007 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0110 buffer : E.S.K.U.E.L.L. >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00011e smb_io_unistr2 uni_logon_dom >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 uni_max_len: 00000007 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 offset : 00000000 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 uni_str_len: 00000006 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 012c buffer : L.A.B.-.R.R. >[2006/11/08 12:11:53, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000138 smb_io_dom_sid2 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 num_auths: 00000004 >[2006/11/08 12:11:53, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00013c smb_io_dom_sid sid >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013c sid_rev_num: 01 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013d num_auths : 04 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013e id_auth[0] : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013f id_auth[1] : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0140 id_auth[2] : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0141 id_auth[3] : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0142 id_auth[4] : 00 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0143 id_auth[5] : 05 >[2006/11/08 12:11:53, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0144 sub_auths : 00000015 7b7e4147 61020126 26126b85 >[2006/11/08 12:11:53, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,45) >[2006/11/08 12:11:53, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,45) wrote 45 >[2006/11/08 12:11:53, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/11/08 12:11:53, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:53, 5] lib/util.c:show_msg(481) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=13 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:53, 10] libsmb/clientgen.c:cli_rpc_pipe_close(383) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine ESKUELL >[2006/11/08 12:11:53, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,39) >[2006/11/08 12:11:53, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,39) wrote 39 >[2006/11/08 12:11:53, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/11/08 12:11:53, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:53, 5] lib/util.c:show_msg(481) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2055 > smb_pid=7198 > smb_uid=4099 > smb_mid=14 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:53, 3] auth/auth.c:check_ntlm_password(269) > check_ntlm_password: winbind authentication for user [wwwutz] succeeded >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 5] auth/auth.c:check_ntlm_password(295) > check_ntlm_password: PAM Account for user [wwwutz] succeeded >[2006/11/08 12:11:53, 2] auth/auth.c:check_ntlm_password(304) > check_ntlm_password: authentication for user [wwwutz] -> [wwwutz] -> [wwwutz] succeeded >[2006/11/08 12:11:53, 5] auth/auth_util.c:free_user_info(1866) > attempting to free (and zero) a user_info structure >[2006/11/08 12:11:53, 10] auth/auth_util.c:free_user_info(1869) > structure was created for wwwutz >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\wwwutz => WARTHOLE (domain), wwwutz (name) >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:53, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) > getsampwnam (smbpasswd): search by name: wwwutz >[2006/11/08 12:11:53, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd >[2006/11/08 12:11:53, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) > getsmbfilepwent: end of file reached. >[2006/11/08 12:11:53, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix User\wwwutz => Unix User (domain), wwwutz (name) >[2006/11/08 12:11:53, 10] lib/util_pw.c:getpwnam_alloc(76) > Got wwwutz from pwnam_cache >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_uid(1209) > sid_to_uid: S-1-22-1-130 -> 130 >[2006/11/08 12:11:53, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [wwwutz] >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 15 -> S-1-22-2-15 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 12003 -> S-1-22-2-12003 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 121 -> S-1-22-2-121 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 20 -> S-1-22-2-20 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 209 -> S-1-22-2-209 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 263 -> S-1-22-2-263 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 219 -> S-1-22-2-219 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 352 -> S-1-22-2-352 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 0 -> S-1-22-2-0 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 257 -> S-1-22-2-257 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 1000 -> S-1-22-2-1000 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 369 -> S-1-22-2-369 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 154 -> S-1-22-2-154 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 400 -> S-1-22-2-400 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 5000 -> S-1-22-2-5000 >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-1-130] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-15] >[2006/11/08 12:11:53, 5] lib/privileges.c:get_privileges_for_sids(458) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-12003] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-121] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-20] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-209] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-263] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-219] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-352] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-0] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-257] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-1000] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-369] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-154] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-400] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-5000] >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-15 -> 15 >[2006/11/08 12:11:53, 10] auth/auth_util.c:create_local_token(1022) > Could not convert SID S-1-1-0 to gid, ignoring it >[2006/11/08 12:11:53, 10] auth/auth_util.c:create_local_token(1022) > Could not convert SID S-1-5-2 to gid, ignoring it >[2006/11/08 12:11:53, 10] auth/auth_util.c:create_local_token(1022) > Could not convert SID S-1-5-11 to gid, ignoring it >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-12003 -> 12003 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-121 -> 121 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-20 -> 20 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-209 -> 209 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-263 -> 263 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-219 -> 219 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-352 -> 352 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-0 -> 0 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-257 -> 257 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-1000 -> 1000 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-369 -> 369 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-154 -> 154 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-400 -> 400 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-5000 -> 5000 >[2006/11/08 12:11:53, 10] auth/auth_util.c:debug_nt_user_token(452) > NT user token of user S-1-22-1-130 > contains 19 SIDs > SID[ 0]: S-1-22-1-130 > SID[ 1]: S-1-22-2-15 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-12003 > SID[ 6]: S-1-22-2-121 > SID[ 7]: S-1-22-2-20 > SID[ 8]: S-1-22-2-209 > SID[ 9]: S-1-22-2-263 > SID[ 10]: S-1-22-2-219 > SID[ 11]: S-1-22-2-352 > SID[ 12]: S-1-22-2-0 > SID[ 13]: S-1-22-2-257 > SID[ 14]: S-1-22-2-1000 > SID[ 15]: S-1-22-2-369 > SID[ 16]: S-1-22-2-154 > SID[ 17]: S-1-22-2-400 > SID[ 18]: S-1-22-2-5000 > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:53, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(132) > Got NT session key of length 16 >[2006/11/08 12:11:53, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(139) > Got LM session key of length 8 >[2006/11/08 12:11:53, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(738) > ntlmssp_server_auth: Created NTLM2 session key. >[2006/11/08 12:11:53, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) > NTLMSSP Sign/Seal - Initialising with flags: >[2006/11/08 12:11:53, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0xe0088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >[2006/11/08 12:11:53, 10] smbd/password.c:register_vuid(185) > register_vuid: allocated vuid = 101 >[2006/11/08 12:11:53, 10] lib/util_pw.c:getpwnam_alloc(76) > Got wwwutz from pwnam_cache >[2006/11/08 12:11:53, 10] smbd/password.c:register_vuid(273) > register_vuid: (130,15) wwwutz wwwutz LAB-RR guest=0 >[2006/11/08 12:11:53, 3] smbd/password.c:register_vuid(279) > User name: wwwutz Real name: >[2006/11/08 12:11:53, 3] smbd/password.c:register_vuid(300) > UNIX uid 130 is UNIX user wwwutz, and will be vuid 101 >[2006/11/08 12:11:53, 7] param/loadparm.c:lp_servicenumber(5112) > lp_servicenumber: couldn't find wwwutz >[2006/11/08 12:11:53, 3] smbd/password.c:register_vuid(330) > Adding homes service for user 'wwwutz' using home directory: '/home/wwwutz' >[2006/11/08 12:11:53, 8] param/loadparm.c:add_a_service(2494) > add_a_service: Creating snum = 346 for wwwutz >[2006/11/08 12:11:53, 10] param/loadparm.c:hash_a_service(2541) > hash_a_service: hashing index 346 for service name wwwutz >[2006/11/08 12:11:53, 3] param/loadparm.c:lp_add_home(2587) > adding home's share [wwwutz] for user 'wwwutz' at '/home/wwwutz' >[2006/11/08 12:11:53, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 > > file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006 > >[2006/11/08 12:11:53, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:53, 5] lib/util.c:show_msg(481) > size=104 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=19968 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=61 >[2006/11/08 12:11:53, 10] lib/util.c:dump_data(2215) > [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [020] 00 2E 00 30 00 2E 00 32 00 33 00 63 00 00 00 4C ...0...2 .3.c...L > [030] 00 41 00 42 00 2D 00 52 00 52 00 00 00 .A.B.-.R .R... >[2006/11/08 12:11:53, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: 60 >[2006/11/08 12:11:53, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 96 >[2006/11/08 12:11:53, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x60 >[2006/11/08 12:11:53, 3] smbd/process.c:process_smb(1110) > Transaction 3 of length 100 >[2006/11/08 12:11:53, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:53, 5] lib/util.c:show_msg(481) > size=96 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=20032 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=53 >[2006/11/08 12:11:53, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 5C 00 57 00 41 00 52 00 54 00 48 00 4F .\.\.W.A .R.T.H.O > [010] 00 4C 00 45 00 5C 00 4D 00 41 00 4D 00 45 00 50 .L.E.\.M .A.M.E.P > [020] 00 49 00 4D 00 41 00 47 00 45 00 53 00 00 00 3F .I.M.A.G .E.S...? > [030] 3F 3F 3F 3F 00 ????. >[2006/11/08 12:11:53, 3] smbd/process.c:switch_message(914) > switch message SMBtconX (pid 7198) conn 0x0 >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:53, 5] smbd/uid.c:change_to_root_user(274) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/11/08 12:11:53, 4] smbd/reply.c:reply_tcon_and_X(668) > Client requested device type [?????] for share [MAMEPIMAGES] >[2006/11/08 12:11:53, 5] smbd/service.c:make_connection(1116) > making a connection to 'normal' service mamepimages >[2006/11/08 12:11:53, 10] smbd/share_access.c:user_ok_token(224) > user_ok_token: share mamepimages is ok for unix user wwwutz >[2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user wwwutz >[2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is wwwutz >[2006/11/08 12:11:53, 10] lib/util_pw.c:getpwnam_alloc(76) > Got wwwutz from pwnam_cache >[2006/11/08 12:11:53, 5] lib/username.c:Get_Pwnam_internals(107) > Get_Pwnam_internals did find user [wwwutz]! >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name) >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:53, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) > getsampwnam (smbpasswd): search by name: imgdata >[2006/11/08 12:11:53, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd >[2006/11/08 12:11:53, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) > getsmbfilepwent: end of file reached. >[2006/11/08 12:11:53, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name) >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_uid(1209) > sid_to_uid: S-1-22-1-1087 -> 1087 >[2006/11/08 12:11:53, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [imgdata] >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 372 -> S-1-22-2-372 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 392 -> S-1-22-2-392 >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-1-1087] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-372] >[2006/11/08 12:11:53, 5] lib/privileges.c:get_privileges_for_sids(458) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-392] >[2006/11/08 12:11:53, 3] smbd/service.c:make_connection_snum(672) > Forced user imgdata >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\abt_her => WARTHOLE (domain), abt_her (name) >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix Group\abt_her => Unix Group (domain), abt_her (name) >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-9000 -> 9000 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name) >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:53, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) > getsampwnam (smbpasswd): search by name: imgdata >[2006/11/08 12:11:53, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd >[2006/11/08 12:11:53, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) > getsmbfilepwent: end of file reached. >[2006/11/08 12:11:53, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name) >[2006/11/08 12:11:53, 10] lib/util_pw.c:getpwnam_alloc(76) > Got imgdata from pwnam_cache >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:sid_to_uid(1209) > sid_to_uid: S-1-22-1-1087 -> 1087 >[2006/11/08 12:11:53, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [imgdata] >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:53, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:53, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 372 -> S-1-22-2-372 >[2006/11/08 12:11:53, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 392 -> S-1-22-2-392 >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-1-1087] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-372] >[2006/11/08 12:11:53, 5] lib/privileges.c:get_privileges_for_sids(458) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2006/11/08 12:11:53, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-392] >[2006/11/08 12:11:53, 10] smbd/service.c:make_connection_snum(736) > Could not convert SID S-1-22-1-1087 to gid, ignoring it >[2006/11/08 12:11:53, 0] lib/util_str.c:safe_strcat_fn(636) > ERROR: string overflow by 7 in safe_strcat [-1802264934] >[2006/11/08 12:11:53, 0] lib/util_str.c:safe_strcat_fn(636) > ERROR: string overflow by 11 in safe_strcat [-1651269932] >[2006/11/08 12:11:53, 0] lib/util_str.c:safe_strcat_fn(636) > ERROR: string overflow by 10 in safe_strcat [-745763429] >[2006/11/08 12:11:53, 0] lib/util_str.c:safe_strcat_fn(636) > ERROR: string overflow by 11 in safe_strcat [-1851880033] >[2006/11/08 12:11:53, 0] lib/util_str.c:safe_strcat_fn(636) > ERROR: string overflow by 11 in safe_strcat [-1680630116] >[2006/11/08 12:11:53, 0] lib/util_str.c:safe_strcat_fn(636) > ERROR: string overflow by 11 in safe_strcat [-1702061423] >[2006/11/08 12:11:53, 0] lib/util_str.c:safe_strcat_fn(636) > ERROR: string overflow by 11 in safe_strcat [-2003053682] >[2006/11/08 12:11:54, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 > > file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006 > >[2006/11/08 12:11:54, 5] auth/auth_util.c:make_user_info_map(160) > make_user_info_map: Mapping user [lab-rr]\[wwwutz] from workstation [WALDI] >[2006/11/08 12:11:54, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = TDOMCACHE/TIMESTAMP, value = 1162983779, timeout = Wed Nov 8 12:12:59 2006 >[2006/11/08 12:11:54, 10] libsmb/trustdom_cache.c:update_trustdom_cache(326) > update_trustdom_cache: not time to update trustdom_cache yet >[2006/11/08 12:11:54, 10] lib/gencache.c:gencache_get(312) > Cache entry with key = TDOM/LAB-RR couldn't be found >[2006/11/08 12:11:54, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) > no entry for trusted domain lab-rr found. >[2006/11/08 12:11:54, 5] auth/auth_util.c:make_user_info(75) > attempting to make a user_info for wwwutz (wwwutz) >[2006/11/08 12:11:54, 5] auth/auth_util.c:make_user_info(85) > making strings for wwwutz's user_info struct >[2006/11/08 12:11:54, 5] auth/auth_util.c:make_user_info(117) > making blobs for wwwutz's user_info struct >[2006/11/08 12:11:54, 10] auth/auth_util.c:make_user_info(135) > made an encrypted user_info for wwwutz (wwwutz) >[2006/11/08 12:11:54, 3] auth/auth.c:check_ntlm_password(220) > check_ntlm_password: Checking password for unmapped user [lab-rr]\[wwwutz]@[WALDI] with the new password interface >[2006/11/08 12:11:54, 3] auth/auth.c:check_ntlm_password(223) > check_ntlm_password: mapped user is: [LAB-RR]\[wwwutz]@[WALDI] >[2006/11/08 12:11:54, 10] auth/auth.c:check_ntlm_password(232) > check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >[2006/11/08 12:11:54, 10] auth/auth.c:check_ntlm_password(235) > challenge is: >[2006/11/08 12:11:54, 5] lib/util.c:dump_data(2215) > [000] 58 E8 63 9D AD DC 2E 70 X.c....p >[2006/11/08 12:11:54, 10] auth/auth.c:check_ntlm_password(261) > check_ntlm_password: guest had nothing to say >[2006/11/08 12:11:54, 8] lib/util.c:is_myname(2036) > is_myname("LAB-RR") returns 0 >[2006/11/08 12:11:54, 6] auth/auth_sam.c:check_samstrict_security(412) > check_samstrict_security: LAB-RR is not one of my local names (ROLE_DOMAIN_MEMBER) >[2006/11/08 12:11:54, 10] auth/auth.c:check_ntlm_password(261) > check_ntlm_password: sam had nothing to say >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 8] libsmb/namequery.c:get_sorted_dc_list(1550) > get_sorted_dc_list: attempting lookup using [lmhosts wins host bcast] >[2006/11/08 12:11:54, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = SAF/DOMAIN/LAB-RR, value = ESKUELL, timeout = Wed Nov 8 12:26:52 2006 >[2006/11/08 12:11:54, 5] libsmb/namequery.c:saf_fetch(107) > saf_fetch: Returning "ESKUELL" for "LAB-RR" domain >[2006/11/08 12:11:54, 3] libsmb/namequery.c:get_dc_list(1426) > get_dc_list: preferred server list: "ESKUELL, *" >[2006/11/08 12:11:54, 10] libsmb/namequery.c:internal_resolve_name(1132) > internal_resolve_name: looking up LAB-RR#1c >[2006/11/08 12:11:54, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = NBT/LAB-RR#1C, value = 141.14.16.97:0,141.14.17.120:0,141.14.17.130:0,141.14.19.244:0, timeout = Wed Nov 8 12:13:59 2006 >[2006/11/08 12:11:54, 5] libsmb/namecache.c:namecache_fetch(201) > name LAB-RR#1C found. >[2006/11/08 12:11:54, 8] libsmb/namequery.c:get_dc_list(1441) > Adding 4 DC's from auto lookup >[2006/11/08 12:11:54, 10] libsmb/namequery.c:internal_resolve_name(1132) > internal_resolve_name: looking up ESKUELL#20 >[2006/11/08 12:11:54, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = NBT/ESKUELL#20, value = 141.14.16.97:0, timeout = Wed Nov 8 12:13:59 2006 >[2006/11/08 12:11:54, 5] libsmb/namecache.c:namecache_fetch(201) > name ESKUELL#20 found. >[2006/11/08 12:11:54, 10] libsmb/namequery.c:remove_duplicate_addrs2(408) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2006/11/08 12:11:54, 4] libsmb/namequery.c:get_dc_list(1528) > get_dc_list: returning 4 ip addresses in an ordered list >[2006/11/08 12:11:54, 4] libsmb/namequery.c:get_dc_list(1530) > get_dc_list: 141.14.16.97:0 141.14.17.120:0 141.14.17.130:0 141.14.19.244:0 >[2006/11/08 12:11:54, 10] libsmb/namequery.c:name_status_find(275) > name_status_find: looking up LAB-RR#1c at 141.14.16.97 >[2006/11/08 12:11:54, 10] lib/gencache.c:gencache_get(312) > Cache entry with key = NBT/LAB-RR#1C.20.141.14.16.97 couldn't be found >[2006/11/08 12:11:54, 5] libsmb/namecache.c:namecache_status_fetch(308) > namecache_status_fetch: no entry for NBT/LAB-RR#1C.20.141.14.16.97 found. >[2006/11/08 12:11:54, 10] lib/gencache.c:gencache_del(218) > Deleting cache entry (key = NBT/LAB-RR#1C.20.141.14.16.97) >[2006/11/08 12:11:54, 10] lib/util_sock.c:open_socket_in(839) > bind succeeded on port 0 >[2006/11/08 12:11:54, 5] libsmb/nmblib.c:send_udp(776) > Sending a packet of len 50 to (141.14.16.97) on port 137 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_udp_socket(293) > read_udp_socket: lastip 141.14.16.97 lastport 137 read: 301 >[2006/11/08 12:11:54, 10] libsmb/nmblib.c:parse_nmb(506) > parse_nmb: packet id = 18392 >[2006/11/08 12:11:54, 5] libsmb/nmblib.c:read_packet(754) > Received a packet of len 301 from (141.14.16.97) port 137 >[2006/11/08 12:11:54, 4] libsmb/nmblib.c:debug_nmb_packet(112) > nmb packet from 141.14.16.97(137) header: id=18392 opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=LAB-RR<1c> rr_type=33 rr_class=1 ttl=0 > answers 0 char .ESKUELL hex 0A45534B55454C4C2020202020202020 > answers 10 char .D.LAB-RR hex 0044004C41422D525220202020202020 > answers 20 char ...LAB-RR hex 202000C4004C41422D52522020202020 > answers 30 char ...ESKUELL hex 202020201CC40045534B55454C4C2020 > answers 40 char D.LAB-RR hex 2020202020202044004C41422D525220 > answers 50 char .D.ESKUE hex 20202020202020201B440045534B5545 > answers 60 char LL .D.ADM hex 4C4C202020202020202003440041444D > answers 70 char INISTRATOR .D.L hex 494E4953545241544F5220200344004C > answers 80 char AB-RR .. hex 41422D52522020202020202020201EC4 > answers 90 char .LAB-RR hex 004C41422D5252202020202020202020 > answers a0 char .D...__MSBROWSE_ hex 1D440001025F5F4D5342524F5753455F > answers b0 char _........]...... hex 5F0201C4000000F8025D840000000000 > answers c0 char ................ hex 00000000000000000000000000000000 > answers d0 char ................ hex 00000000000000000000000000000000 > answers e0 char ... hex 000000 >[2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) > ESKUELL#00: flags = 0x44 >[2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#00: flags = 0xc4 >[2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1c: flags = 0xc4 >[2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) > ESKUELL#20: flags = 0x44 >[2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1b: flags = 0x44 >[2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) > ESKUELL#03: flags = 0x44 >[2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) > ADMINISTRATOR#03: flags = 0x44 >[2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1e: flags = 0xc4 >[2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1d: flags = 0x44 >[2006/11/08 12:11:54, 10] libsmb/namequery.c:parse_node_status(157) > __MSBROWSE__#01: flags = 0xc4 >[2006/11/08 12:11:54, 10] libsmb/namequery.c:name_status_find(315) > name_status_find: name found, name ESKUELL ip address is 141.14.16.97 >[2006/11/08 12:11:54, 3] libsmb/namequery_dc.c:rpc_dc_name(116) > rpc_dc_name: Returning DC ESKUELL (141.14.16.97) for domain LAB-RR >[2006/11/08 12:11:54, 10] passdb/secrets.c:secrets_named_mutex(779) > secrets_named_mutex: got mutex for ESKUELL >[2006/11/08 12:11:54, 3] libsmb/cliconnect.c:cli_start_connection(1417) > Connecting to host=ESKUELL >[2006/11/08 12:11:54, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 141.14.16.97 at port 445 >[2006/11/08 12:11:54, 2] lib/util_sock.c:open_socket_out(910) > error connecting to 141.14.16.97:445 (Connection refused) >[2006/11/08 12:11:54, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 141.14.16.97 at port 139 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 0 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 0 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 4 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 8 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEPORT = 0 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 33580 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 33580 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1460 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2006/11/08 12:11:54, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,72) >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,72) wrote 72 >[2006/11/08 12:11:54, 5] libsmb/cliconnect.c:cli_session_request(1262) > Sent session request >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 0 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=0 > smb_com=0x0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=0 > smb_flg2=0 > smb_tid=0 > smb_pid=0 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,183) >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,183) wrote 183 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 91 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=91 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=12545 > smb_uid=0 > smb_mid=2 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=65283 (0xFF03) > smb_vwv[ 2]= 257 (0x101) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 17 (0x11) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 67 (0x43) > smb_vwv[11]=61440 (0xF000) > smb_vwv[12]=45375 (0xB13F) > smb_vwv[13]= 9948 (0x26DC) > smb_vwv[14]=50947 (0xC703) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 2303 (0x8FF) > smb_bcc=22 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 65 77 49 FA 89 40 29 9A 4C 00 41 00 42 00 2D 00 ewI..@). L.A.B.-. > [010] 52 00 52 00 00 00 R.R... >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=91 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=12545 > smb_uid=0 > smb_mid=2 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=65283 (0xFF03) > smb_vwv[ 2]= 257 (0x101) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 17 (0x11) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 67 (0x43) > smb_vwv[11]=61440 (0xF000) > smb_vwv[12]=45375 (0xB13F) > smb_vwv[13]= 9948 (0x26DC) > smb_vwv[14]=50947 (0xC703) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 2303 (0x8FF) > smb_bcc=22 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 65 77 49 FA 89 40 29 9A 4C 00 41 00 42 00 2D 00 ewI..@). L.A.B.-. > [010] 52 00 52 00 00 00 R.R... >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,92) >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,92) wrote 92 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=12545 > smb_uid=6144 > smb_mid=3 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 124 (0x7C) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=83 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N > [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a > [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. > [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R > [050] 00 00 00 ... >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=12545 > smb_uid=6144 > smb_mid=3 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 124 (0x7C) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=83 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N > [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a > [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. > [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R > [050] 00 00 00 ... >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,82) >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,82) wrote 82 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 48 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=4 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 49 50 43 00 00 00 00 IPC.... >[2006/11/08 12:11:54, 10] libsmb/clientgen.c:cli_init_creds(233) > cli_init_creds: user domain >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,108) >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,108) wrote 108 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=5 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 768 (0x300) > smb_vwv[ 3]= 272 (0x110) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2040) > Bind RPC Pipe[1003]: \NETLOGON auth_type 0, auth_level 0 >[2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. > [010] 01 00 00 00 .... >[2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 12345678 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1234 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : abcd >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : ef 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 01 23 45 67 cf fb >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000001 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1003 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 4099 (0x1003) > smb_bcc=87 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,158) >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,158) wrote 158 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... > [010] 00 B8 10 B8 10 35 79 06 00 0C 00 5C 50 49 50 45 .....5y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 D9 B8 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... > [010] 00 B8 10 B8 10 35 79 06 00 0C 00 5C 50 49 50 45 .....5y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 D9 B8 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1003 returned 68 bytes. >[2006/11/08 12:11:54, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2077) > rpc_pipe_bind: Remote machine ESKUELL pipe \NETLOGON fnum 0x1003 bind request returned ok. >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00067935 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2270) > cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine ESKUELL and bound anonymously. >[2006/11/08 12:11:54, 4] passdb/secrets.c:secrets_fetch_trust_account_password(285) > Using cleartext machine password >[2006/11/08 12:11:54, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(45) > cli_net_req_chal: LSA Request Challenge from WARTHOLE to \\ESKUELL >[2006/11/08 12:11:54, 5] rpc_parse/parse_net.c:init_q_req_chal(679) > init_q_req_chal: 679 >[2006/11/08 12:11:54, 5] rpc_parse/parse_net.c:init_q_req_chal(688) > init_q_req_chal: 688 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_req_chal >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer: 00000001 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.E.S.K.U.E.L.L... >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unistr2 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_max_len: 00000009 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_str_len: 00000009 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0030 buffer : W.A.R.T.H.O.L.E... >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000042 smb_io_chal >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0042 data: 6b d1 4f 90 24 c3 93 2f >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0062 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000004a >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0004 >[2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1003 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 98 (0x62) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 98 (0x62) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 4099 (0x1003) > smb_bcc=113 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 62 00 00 00 02 00 00 00 4A .......b .......J > [020] 00 00 00 00 00 04 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 45 00 53 00 4B .......\ .\.E.S.K > [040] 00 55 00 45 00 4C 00 4C 00 00 00 09 00 00 00 00 .U.E.L.L ........ > [050] 00 00 00 09 00 00 00 57 00 41 00 52 00 54 00 48 .......W .A.R.T.H > [060] 00 4F 00 4C 00 45 00 00 00 6B D1 4F 90 24 C3 93 .O.L.E.. .k.O.$.. > [070] 2F / >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,184) >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,184) wrote 184 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 92 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 62 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 b....... .$...... > [010] 00 0C 00 00 00 00 00 00 00 7A A3 F4 91 90 01 00 ........ .z...... > [020] 00 00 00 00 00 ..... >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 62 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 b....... .$...... > [010] 00 0C 00 00 00 00 00 00 00 7A A3 F4 91 90 01 00 ........ .z...... > [020] 00 00 00 00 00 ..... >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0024 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000000c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 36 at offset 0 >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1003 returned 24 bytes. >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_req_chal >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0000 data: 7a a3 f4 91 90 01 00 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0008 status: NT_STATUS_OK >[2006/11/08 12:11:54, 10] libsmb/credentials.c:creds_client_init(286) > creds_client_init: neg_flags : 400701ff >[2006/11/08 12:11:54, 10] libsmb/credentials.c:creds_client_init(287) > creds_client_init: client chal : 6BD14F9024C3932F >[2006/11/08 12:11:54, 10] libsmb/credentials.c:creds_client_init(288) > creds_client_init: server chal : 7AA3F49190010000 >[2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_init_64(117) > creds_init_64 >[2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_init_64(118) > clnt_chal_in: 6BD14F9024C3932F >[2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_init_64(119) > srv_chal_in : 7AA3F49190010000 >[2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_init_64(120) > clnt+srv : E5744422B4C4932F >[2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_init_64(121) > sess_key_out : C92243A650B03F30 >[2006/11/08 12:11:54, 10] libsmb/credentials.c:creds_client_init(306) > creds_client_init: clnt : 027E0C7D8D5D3B33 >[2006/11/08 12:11:54, 10] libsmb/credentials.c:creds_client_init(307) > creds_client_init: server : DCAA19FB55DC7133 >[2006/11/08 12:11:54, 10] libsmb/credentials.c:creds_client_init(308) > creds_client_init: seed : 027E0C7D8D5D3B33 >[2006/11/08 12:11:54, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(168) > cli_net_auth2: srv:\\ESKUELL acct:WARTHOLE$ sc:2 mc: WARTHOLE neg: 400701ff >[2006/11/08 12:11:54, 5] rpc_parse/parse_net.c:init_q_auth_2(800) > init_q_auth_2: 800 >[2006/11/08 12:11:54, 5] rpc_parse/parse_misc.c:init_log_info(1409) > make_log_info 1409 >[2006/11/08 12:11:54, 5] rpc_parse/parse_net.c:init_q_auth_2(806) > init_q_auth_2: 806 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_auth_2 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_log_info >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer: 00000001 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.E.S.K.U.E.L.L... >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unistr2 unistr2 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_max_len: 0000000a >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_str_len: 0000000a >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0030 buffer : W.A.R.T.H.O.L.E.$... >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0044 sec_chan: 0002 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000046 smb_io_unistr2 unistr2 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 uni_max_len: 00000009 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 uni_str_len: 00000009 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0054 buffer : W.A.R.T.H.O.L.E... >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000066 smb_io_chal >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0066 data: 02 7e 0c 7d 8d 5d 3b 33 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00006e net_io_neg_flags >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 neg_flags: 400701ff >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 008c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000074 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 000f >[2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1003 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=222 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 140 (0x8C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 140 (0x8C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 4099 (0x1003) > smb_bcc=155 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 8C 00 00 00 03 00 00 00 74 ........ .......t > [020] 00 00 00 00 00 0F 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 45 00 53 00 4B .......\ .\.E.S.K > [040] 00 55 00 45 00 4C 00 4C 00 00 00 0A 00 00 00 00 .U.E.L.L ........ > [050] 00 00 00 0A 00 00 00 57 00 41 00 52 00 54 00 48 .......W .A.R.T.H > [060] 00 4F 00 4C 00 45 00 24 00 00 00 02 00 00 00 09 .O.L.E.$ ........ > [070] 00 00 00 00 00 00 00 09 00 00 00 57 00 41 00 52 ........ ...W.A.R > [080] 00 54 00 48 00 4F 00 4C 00 45 00 00 00 02 7E 0C .T.H.O.L .E....~. > [090] 7D 8D 5D 3B 33 00 00 FF 01 07 40 }.];3... ..@ >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,226) >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,226) wrote 226 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 96 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 8C 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 DC AA 19 FB 55 DC 71 ........ .....U.q > [020] 33 FF 01 00 40 00 00 00 00 3...@... . >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 8C 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 DC AA 19 FB 55 DC 71 ........ .....U.q > [020] 33 FF 01 00 40 00 00 00 00 3...@... . >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0028 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000010 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 40 at offset 0 >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1003 returned 32 bytes. >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_auth_2 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0000 data: dc aa 19 fb 55 dc 71 33 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 net_io_neg_flags >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 neg_flags: 400001ff >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 000c status: NT_STATUS_OK >[2006/11/08 12:11:54, 10] libsmb/credentials.c:creds_client_check(325) > creds_client_check: credentials check OK. >[2006/11/08 12:11:54, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(344) > rpccli_netlogon_setup_creds: server ESKUELL credential chain established. >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,108) >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,108) wrote 108 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=9 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 1024 (0x400) > smb_vwv[ 3]= 272 (0x110) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2040) > Bind RPC Pipe[1004]: \NETLOGON auth_type 2, auth_level 6 >[2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. > [010] 01 00 00 00 .... >[2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_auth_schannel_neg schannel_neg >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 type1: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 type2: 00000003 >[2006/11/08 12:11:54, 6] lib/util.c:dump_data(2215) > [000] 4C 41 42 2D 52 52 LAB-RR >[2006/11/08 12:11:54, 6] lib/util.c:dump_data(2215) > [000] 57 41 52 54 48 4F 4C 45 WARTHOLE >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0068 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0018 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 12345678 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1234 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : abcd >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : ef 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 01 23 45 67 cf fb >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000001 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0048 auth_type : 44 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0049 auth_level : 06 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004a auth_pad_len : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004b auth_reserved: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c auth_context_id: 00000001 >[2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1004 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=186 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=10 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 104 (0x68) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 4100 (0x1004) > smb_bcc=119 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 68 00 18 00 04 00 00 00 B8 .......h ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ > [060] 00 00 00 03 00 00 00 4C 41 42 2D 52 52 00 57 41 .......L AB-RR.WA > [070] 52 54 48 4F 4C 45 00 RTHOLE. >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,190) >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,190) wrote 190 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 144 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 68 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 h....... .X...... > [010] 00 B8 10 B8 10 36 79 06 00 0C 00 5C 50 49 50 45 .....6y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 2C 1B 00 ......,. . >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 68 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 h....... .X...... > [010] 00 B8 10 B8 10 36 79 06 00 0C 00 5C 50 49 50 45 .....6y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 2C 1B 00 ......,. . >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0058 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 000c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 88 at offset 0 >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1004 returned 88 bytes. >[2006/11/08 12:11:54, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2077) > rpc_pipe_bind: Remote machine ESKUELL pipe \NETLOGON fnum 0x1004 bind request returned ok. >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0058 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 000c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00067936 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2534) > cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine ESKUELL for domain LAB-RR and bound using schannel. >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,45) >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,45) wrote 45 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=11 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:54, 10] libsmb/clientgen.c:cli_rpc_pipe_close(383) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine ESKUELL >[2006/11/08 12:11:54, 10] libsmb/namequery.c:saf_store(70) > saf_store: domain = [LAB-RR], server = [ESKUELL], expire = [1162985214] >[2006/11/08 12:11:54, 10] lib/gencache.c:gencache_set(128) > Adding cache entry with key = SAF/DOMAIN/LAB-RR; value = ESKUELL and timeout = Wed Nov 8 12:26:54 2006 > (900 seconds ahead) >[2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_step(148) > sequence = 0x4551bb7c >[2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_step(150) > seed: 027E0C7D8D5D3B33 >[2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_step(155) > seed+seq 7E395EC28D5D3B33 >[2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_step(159) > CLIENT E3E5FF5B291EC937 >[2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_step(164) > seed+seq+1 7F395EC28D5D3B33 >[2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_step(168) > SERVER 3C3BE4CF15D2A03E >[2006/11/08 12:11:54, 5] libsmb/credentials.c:creds_reseed(238) > cred_reseed: seed 7F395EC28D5D3B33 >[2006/11/08 12:11:54, 5] rpc_parse/parse_net.c:init_id_info2(1181) > init_id_info2: 1181 >[2006/11/08 12:11:54, 5] rpc_parse/parse_misc.c:init_logon_id(1588) > make_logon_id: 1588 >[2006/11/08 12:11:54, 5] rpc_parse/parse_net.c:init_sam_info(1275) > init_sam_info: 1275 >[2006/11/08 12:11:54, 5] rpc_parse/parse_misc.c:init_clnt_info2(1503) > make_clnt_info: 1503 >[2006/11/08 12:11:54, 5] rpc_parse/parse_misc.c:init_clnt_srv(1348) > init_clnt_srv: 1348 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_sam_logon >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_sam_info >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_clnt_info2 >[2006/11/08 12:11:54, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_clnt_srv >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer : 00000001 >[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.E.S.K.U.E.L.L... >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 undoc_buffer2: 00000001 >[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_unistr2 unistr2 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 uni_max_len: 00000009 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 uni_str_len: 00000009 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0034 buffer : W.A.R.T.H.O.L.E... >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 ptr_cred: 00000001 >[2006/11/08 12:11:54, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00004c smb_io_cred >[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00004c smb_io_chal >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 004c data: e3 e5 ff 5b 29 1e c9 37 >[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000054 smb_io_utime >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 time: 4551bb7c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 ptr_rtn_cred : 00000001 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_cred >[2006/11/08 12:11:54, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_chal >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 005c data: 00 00 00 00 00 00 00 00 >[2006/11/08 12:11:54, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000064 smb_io_utime >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 time: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 logon_level : 0002 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00006a smb_io_sam_info_ctr logon_info >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a switch_value : 0002 >[2006/11/08 12:11:54, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00006c net_io_id_info2 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c ptr_id_info2: 00000001 >[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000070 smb_io_unihdr unihdr >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0070 uni_str_len: 000c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0072 uni_max_len: 000c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 buffer : 00000001 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 param_ctrl: 00000820 >[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00007c smb_io_logon_id >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c low : 0000dead >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 high: 0000beef >[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000084 smb_io_unihdr unihdr >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0084 uni_str_len: 000c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0086 uni_max_len: 000c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 buffer : 00000001 >[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00008c smb_io_unihdr unihdr >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008c uni_str_len: 000e >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008e uni_max_len: 000e >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0090 buffer : 00000001 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0094 lm_chal: 58 e8 63 9d ad dc 2e 70 >[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00009c smb_io_strhdr hdr_nt_chal_resp >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009c str_str_len: 0018 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009e str_max_len: 0018 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer : 00000001 >[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000a4 smb_io_strhdr hdr_lm_chal_resp >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a4 str_str_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a6 str_max_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a8 buffer : 00000000 >[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ac smb_io_unistr2 uni_domain_name >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac uni_max_len: 00000006 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b4 uni_str_len: 00000006 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00b8 buffer : L.A.B.-.R.R. >[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000c4 smb_io_unistr2 uni_user_name >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 uni_max_len: 00000006 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc uni_str_len: 00000006 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00d0 buffer : w.w.w.u.t.z. >[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000dc smb_io_unistr2 uni_wksta_name >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_max_len: 00000007 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e0 offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e4 uni_str_len: 00000007 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e8 buffer : \.\.W.A.L.D.I. >[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000f6 smb_io_string2 nt_chal_resp >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 str_max_len: 00000018 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 str_str_len: 00000018 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_string2(1096) > 0104 buffer : ....,~....(....8|..*..gi >[2006/11/08 12:11:54, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00011c smb_io_string2 - NULL lm_chal_resp >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 011c validation_level: 0003 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0160 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0020 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000011e >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0002 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000138 smb_io_rpc_hdr_auth hdr_auth >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0138 auth_type : 44 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0139 auth_level : 06 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013a auth_pad_len : 02 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013b auth_reserved: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c auth_context_id: 00000001 >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1356) > add_schannel_auth_footer: SCHANNEL seq_num=0 >[2006/11/08 12:11:54, 10] rpc_parse/parse_prs.c:schannel_encode(1633) > SCHANNEL: schannel_encode seq_num=0 data_len=288 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000140 smb_io_rpc_auth_schannel_chk >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0140 sig : 77 00 7a 00 ff ff 00 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0148 seq_num: b7 be 64 e1 61 dc 94 d6 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0150 packet_digest: a8 ee a6 25 fc 09 13 89 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0158 confounder: e0 ec 47 22 05 1f a2 61 >[2006/11/08 12:11:54, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1004 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=434 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 352 (0x160) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 352 (0x160) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 4100 (0x1004) > smb_bcc=367 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 60 01 20 00 05 00 00 00 1E .......` . ...... > [020] 01 00 00 00 00 02 00 40 5A BD CE B4 DD EA 39 B5 .......@ Z.....9. > [030] 94 DD 2A 53 5C A7 47 E6 E8 FB 82 9E 73 F4 7F 1A ..*S\.G. ....s... > [040] E9 C1 43 0D 42 39 2A 9F 50 81 AF 5F 42 5F 54 B4 ..C.B9*. P.._B_T. > [050] 86 E7 68 E2 85 61 6D 62 C7 A6 78 FB 7D 64 E9 1D ..h..amb ..x.}d.. > [060] CD 19 E9 51 D3 C8 0F 21 01 7A FA 24 F3 45 6A EC ...Q...! .z.$.Ej. > [070] 81 7E 4C E1 09 E3 51 8A 52 2B 5C 87 D9 5C 04 51 .~L...Q. R+\..\.Q > [080] 4B 9E 76 84 9D 05 E0 74 F6 BD 1C 46 DF 1A DE CC K.v....t ...F.... > [090] 12 D2 37 5A DB C5 3C 9C 44 A5 AA 7D 12 6D 2D 31 ..7Z..<. D..}.m-1 > [0A0] 64 CE 90 C1 90 42 7D 8E BE 19 D2 D7 1E 3D 80 79 d....B}. .....=.y > [0B0] 1C 11 0B 4E 47 62 35 58 21 0C E2 EE 3F E9 C9 77 ...NGb5X !...?..w > [0C0] 5F BD 8F 4E DE 77 05 EF F9 85 05 FE 0A 2A DC 14 _..N.w.. .....*.. > [0D0] 53 CD 0E 43 A2 6F 6A 90 B1 B0 A0 F3 07 58 83 D4 S..C.oj. .....X.. > [0E0] 71 48 4E 7B 21 94 7D 21 8A A3 BD 8D 79 4F 85 66 qHN{!.}! ....yO.f > [0F0] 6E 12 EB AF 08 3A E3 EC EE 2F 51 AB 4D 3D DB 48 n....:.. ./Q.M=.H > [100] 99 0F CE D6 33 68 E0 2A 5B DA 34 A6 02 E9 1E F4 ....3h.* [.4..... > [110] 7E 9C 89 21 E8 B9 4D 66 C9 06 1D 59 9E A2 30 F1 ~..!..Mf ...Y..0. > [120] 1C 24 F5 D1 0F 7D 0C 95 98 63 BA 08 66 E8 17 67 .$...}.. .c..f..g > [130] A9 CF 7B 34 28 FF 7A 84 85 4A 5B BA 3C DD ED 29 ..{4(.z. .J[.<..) > [140] 50 03 B5 DF 1A B8 7F 44 06 02 00 01 00 00 00 77 P......D .......w > [150] 00 7A 00 FF FF 00 00 B7 BE 64 E1 61 DC 94 D6 A8 .z...... .d.a.... > [160] EE A6 25 FC 09 13 89 E0 EC 47 22 05 1F A2 61 ..%..... .G"...a >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,438) >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,438) wrote 438 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 456 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=456 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 400 (0x190) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 400 (0x190) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=401 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 60 05 00 02 03 10 00 00 00 90 01 20 00 05 00 00 `....... ... .... > [010] 00 50 01 00 00 00 00 00 00 04 8A 23 82 74 B7 3B .P...... ...#.t.; > [020] 1A CD 68 40 F6 E9 80 CB 89 EF 4F C1 FB 74 77 DD ..h@.... ..O..tw. > [030] 87 1C 64 A9 65 D4 83 94 E1 AF F6 5C CD B7 AC 13 ..d.e... ...\.... > [040] 88 C3 0C DD 31 4B 2C F6 EC 5C 48 A0 9A EB 7A 02 ....1K,. .\H...z. > [050] 5C 1D 0D 46 85 ED 2E 06 8F B0 EE E7 5D 37 EC 7B \..F.... ....]7.{ > [060] 89 56 AB D3 50 62 6E 67 E8 01 46 FE F9 BC 14 D6 .V..Pbng ..F..... > [070] 48 72 7A A4 5B EC 61 89 8A 0E 89 90 1C 3A 83 07 Hrz.[.a. .....:.. > [080] 01 9F 39 78 1D 9E 7E 22 F8 49 31 83 CC FC BA 76 ..9x..~" .I1....v > [090] F8 E3 E7 D5 07 16 F4 88 21 37 D6 E3 DB B3 B4 6D ........ !7.....m > [0A0] 96 57 95 6F F0 AA FB 9E 56 F2 73 0D 22 84 83 DA .W.o.... V.s."... > [0B0] 83 4D 01 8D CF E0 30 0B 0D BA 00 67 EE 5B 44 23 .M....0. ...g.[D# > [0C0] 2D 6D DB 11 E7 15 78 74 34 93 02 59 67 AF 54 A8 -m....xt 4..Yg.T. > [0D0] 6B 23 A0 37 F6 78 F8 8E 10 6C 7A BC 91 36 DE CD k#.7.x.. .lz..6.. > [0E0] 1C 45 1E 3A 9F D8 4B DF D7 AE 83 84 B5 BD 7E A0 .E.:..K. ......~. > [0F0] 1A E8 B6 31 FE BC FB B4 BE B5 C7 53 0D A5 4D 7E ...1.... ...S..M~ > [100] E1 F5 93 74 0F 46 06 3F 57 5E 4D F0 73 CB F0 10 ...t.F.? W^M.s... > [110] D1 43 4A A5 0E B8 F4 8D B9 19 1E 85 F4 AD 24 60 .CJ..... ......$` > [120] C0 AE 2B 84 CC 04 62 56 0C A8 9C DF 18 BF 7D D3 ..+...bV ......}. > [130] BE E3 F1 E9 60 EA 68 1A F1 01 9D 06 BF 3F 90 00 ....`.h. .....?.. > [140] 3C F9 D7 C1 7F C1 72 E4 6D 47 18 05 B5 62 A9 D8 <.....r. mG...b.. > [150] DF 54 FA 84 84 5C 77 FA 51 DF 0C B5 4E F1 5F 44 .T...\w. Q...N._D > [160] 3F 5C C8 2D 40 8B EF 6A 69 44 06 00 00 01 00 00 ?\.-@..j iD...... > [170] 00 77 00 7A 00 FF FF 00 00 76 39 F5 1B BE 4F 25 .w.z.... .v9...O% > [180] A6 6E 30 4D 74 89 7B 7C F2 46 9B A5 06 58 14 EF .n0Mt.{| .F...X.. > [190] 29 ) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=456 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 400 (0x190) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 400 (0x190) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=401 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 60 05 00 02 03 10 00 00 00 90 01 20 00 05 00 00 `....... ... .... > [010] 00 50 01 00 00 00 00 00 00 04 8A 23 82 74 B7 3B .P...... ...#.t.; > [020] 1A CD 68 40 F6 E9 80 CB 89 EF 4F C1 FB 74 77 DD ..h@.... ..O..tw. > [030] 87 1C 64 A9 65 D4 83 94 E1 AF F6 5C CD B7 AC 13 ..d.e... ...\.... > [040] 88 C3 0C DD 31 4B 2C F6 EC 5C 48 A0 9A EB 7A 02 ....1K,. .\H...z. > [050] 5C 1D 0D 46 85 ED 2E 06 8F B0 EE E7 5D 37 EC 7B \..F.... ....]7.{ > [060] 89 56 AB D3 50 62 6E 67 E8 01 46 FE F9 BC 14 D6 .V..Pbng ..F..... > [070] 48 72 7A A4 5B EC 61 89 8A 0E 89 90 1C 3A 83 07 Hrz.[.a. .....:.. > [080] 01 9F 39 78 1D 9E 7E 22 F8 49 31 83 CC FC BA 76 ..9x..~" .I1....v > [090] F8 E3 E7 D5 07 16 F4 88 21 37 D6 E3 DB B3 B4 6D ........ !7.....m > [0A0] 96 57 95 6F F0 AA FB 9E 56 F2 73 0D 22 84 83 DA .W.o.... V.s."... > [0B0] 83 4D 01 8D CF E0 30 0B 0D BA 00 67 EE 5B 44 23 .M....0. ...g.[D# > [0C0] 2D 6D DB 11 E7 15 78 74 34 93 02 59 67 AF 54 A8 -m....xt 4..Yg.T. > [0D0] 6B 23 A0 37 F6 78 F8 8E 10 6C 7A BC 91 36 DE CD k#.7.x.. .lz..6.. > [0E0] 1C 45 1E 3A 9F D8 4B DF D7 AE 83 84 B5 BD 7E A0 .E.:..K. ......~. > [0F0] 1A E8 B6 31 FE BC FB B4 BE B5 C7 53 0D A5 4D 7E ...1.... ...S..M~ > [100] E1 F5 93 74 0F 46 06 3F 57 5E 4D F0 73 CB F0 10 ...t.F.? W^M.s... > [110] D1 43 4A A5 0E B8 F4 8D B9 19 1E 85 F4 AD 24 60 .CJ..... ......$` > [120] C0 AE 2B 84 CC 04 62 56 0C A8 9C DF 18 BF 7D D3 ..+...bV ......}. > [130] BE E3 F1 E9 60 EA 68 1A F1 01 9D 06 BF 3F 90 00 ....`.h. .....?.. > [140] 3C F9 D7 C1 7F C1 72 E4 6D 47 18 05 B5 62 A9 D8 <.....r. mG...b.. > [150] DF 54 FA 84 84 5C 77 FA 51 DF 0C B5 4E F1 5F 44 .T...\w. Q...N._D > [160] 3F 5C C8 2D 40 8B EF 6A 69 44 06 00 00 01 00 00 ?\.-@..j iD...... > [170] 00 77 00 7A 00 FF FF 00 00 76 39 F5 1B BE 4F 25 .w.z.... .v9...O% > [180] A6 6E 30 4D 74 89 7B 7C F2 46 9B A5 06 58 14 EF .n0Mt.{| .F...X.. > [190] 29 ) >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0190 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0020 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000150 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000168 smb_io_rpc_hdr_auth hdr_auth >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0168 auth_type : 44 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0169 auth_level : 06 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 016a auth_pad_len : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 016b auth_reserved: 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 016c auth_context_id: 00000001 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000170 smb_io_rpc_auth_schannel_chk >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0170 sig : 77 00 7a 00 ff ff 00 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0178 seq_num: 76 39 f5 1b be 4f 25 a6 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0180 packet_digest: 6e 30 4d 74 89 7b 7c f2 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0188 confounder: 46 9b a5 06 58 14 ef 29 >[2006/11/08 12:11:54, 10] rpc_parse/parse_prs.c:schannel_decode(1710) > SCHANNEL: schannel_decode seq_num=1 data_len=336 >[2006/11/08 12:11:54, 10] rpc_parse/parse_prs.c:schannel_decode(1730) > SCHANNEL: schannel_decode seq_num=1 data_len=336 >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 400, data_len 336, ss_len 0 >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 400 at offset 0 >[2006/11/08 12:11:54, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x1004 returned 672 bytes. >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_sam_logon >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 buffer_creds: 0019306c >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_cred >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_chal >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0004 data: 3c 3b e4 cf 15 d2 a0 3e >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00000c smb_io_utime >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c time: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 switch_value: 0003 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 net_io_user_info3 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 ptr_user_info : 0015aed8 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time logon time >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : 6dc42ed0 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 01c70314 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time logoff time >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : ffffffff >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 7fffffff >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time kickoff time >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : ffffffff >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 7fffffff >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time last set time >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : e66ea200 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 01bb61e6 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_time can change time >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 low : e66ea200 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c high: 01bb61e6 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_time must change time >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 low : ffffffff >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 high: 7fffffff >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_user_name >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 00000000 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_full_name >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00000000 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_logon_script >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00000000 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_profile_path >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00000000 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_unihdr hdr_home_dir >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 uni_str_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a uni_max_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c buffer : 00000000 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000070 smb_io_unihdr hdr_dir_drive >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0070 uni_str_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0072 uni_max_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 buffer : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0078 logon_count : 0419 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 007a bad_pw_count : 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_rid : 0000040d >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 group_rid : 00000417 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0084 num_groups : 00000002 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 buffer_groups : 0015afa4 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 008c user_flgs : 00000120 >[2006/11/08 12:11:54, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS > account has LOGON_NTLMV2_ENABLED >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0090 user_sess_key: 9f 82 ad 73 b4 fb b2 71 c0 fa 7f 1e 52 0a 0d fb >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000a0 smb_io_unihdr hdr_logon_srv >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a0 uni_str_len: 000e >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a2 uni_max_len: 0010 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a4 buffer : 0015afcc >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000a8 smb_io_unihdr hdr_logon_dom >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a8 uni_str_len: 000c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00aa uni_max_len: 000e >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac buffer : 0015afdc >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 buffer_dom_id : 0015afb4 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00b4 lm_sess_key: fd fb fe ec 48 07 41 1f >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc acct_flags : 00000000 >[2006/11/08 12:11:54, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc unkown: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 unkown: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 unkown: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 unkown: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc num_other_sids: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e0 buffer_other_sids: 00000000 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_user_name >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_full_name >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_logon_script >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_profile_path >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_home_dir >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_dir_drive >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e4 num_groups2 : 00000002 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e8 smb_io_gid >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e8 g_rid: 00000201 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ec attr : 00000007 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000f0 smb_io_gid >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 g_rid: 00000417 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 attr : 00000007 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000f8 smb_io_unistr2 uni_logon_srv >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 uni_max_len: 00000008 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 uni_str_len: 00000007 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0104 buffer : E.S.K.U.E.L.L. >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000112 smb_io_unistr2 uni_logon_dom >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0114 uni_max_len: 00000007 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c uni_str_len: 00000006 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0120 buffer : L.A.B.-.R.R. >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00012c smb_io_dom_sid2 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c num_auths: 00000004 >[2006/11/08 12:11:54, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000130 smb_io_dom_sid sid >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0130 sid_rev_num: 01 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0131 num_auths : 04 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0132 id_auth[0] : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0133 id_auth[1] : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0134 id_auth[2] : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0135 id_auth[3] : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0136 id_auth[4] : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0137 id_auth[5] : 05 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0138 sub_auths : 00000015 7b7e4147 61020126 26126b85 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0148 auth_resp : 00490001 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 014c status : NT_STATUS_OK >[2006/11/08 12:11:54, 10] libsmb/credentials.c:creds_client_check(325) > creds_client_check: credentials check OK. >[2006/11/08 12:11:54, 10] passdb/secrets.c:secrets_named_mutex_release(791) > secrets_named_mutex: released mutex for ESKUELL >[2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user LAB-RR\wwwutz >[2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is lab-rr\wwwutz >[2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(82) > Trying _Get_Pwnam(), username as given is LAB-RR\wwwutz >[2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(92) > Trying _Get_Pwnam(), username as uppercase is LAB-RR\WWWUTZ >[2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(101) > Checking combinations of 0 uppercase letters in lab-rr\wwwutz >[2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(107) > Get_Pwnam_internals didn't find user [LAB-RR\wwwutz]! >[2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user wwwutz >[2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is wwwutz >[2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(107) > Get_Pwnam_internals did find user [wwwutz]! >[2006/11/08 12:11:54, 5] auth/auth_util.c:fill_sam_account(1532) > fill_sam_account: located username was [wwwutz] >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_username(533) > pdb_set_username: setting username wwwutz, was >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_fullname(602) > pdb_set_full_name: setting full name Peter Marquardt,R031,1430,, was >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_domain(556) > pdb_set_domain: setting domain WARTHOLE, was >[2006/11/08 12:11:54, 4] lib/substitute.c:automount_server(407) > Home server: warthole >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_profile_path(648) > pdb_set_profile_path: setting profile path \\warthole\wwwutz\profile, was >[2006/11/08 12:11:54, 4] lib/substitute.c:automount_server(407) > Home server: warthole >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_homedir(695) > pdb_set_homedir: setting home dir \\warthole\wwwutz, was >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(671) > pdb_set_dir_drive: setting dir drive , was NULL >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_logon_script(625) > pdb_set_logon_script: setting logon script , was >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_user_sid(462) > pdb_set_user_sid: setting user sid S-1-5-21-3841262117-2652492237-290310771-1260 >[2006/11/08 12:11:54, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3841262117-2652492237-290310771-1260 from rid 1260 >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_nt_username(579) > pdb_set_nt_username: setting nt username wwwutz, was >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_username(533) > pdb_set_username: setting username wwwutz, was wwwutz >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_domain(556) > pdb_set_domain: setting domain LAB-RR, was WARTHOLE >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_user_sid(462) > pdb_set_user_sid: setting user sid S-1-5-21-2071871815-1627521318-638741381-1037 >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_group_sid(520) > pdb_set_group_sid: setting group sid S-1-5-21-3841262117-2652492237-290310771-513 >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_fullname(602) > pdb_set_full_name: setting full name , was Peter Marquardt,R031,1430, >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_logon_script(625) > pdb_set_logon_script: setting logon script , was >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_profile_path(648) > pdb_set_profile_path: setting profile path , was \\warthole\wwwutz\profile >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_homedir(695) > pdb_set_homedir: setting home dir , was \\warthole\wwwutz >[2006/11/08 12:11:54, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(671) > pdb_set_dir_drive: setting dir drive , was >[2006/11/08 12:11:54, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(134) > netsamlogon_cache_store: SID [S-1-5-21-2071871815-1627521318-638741381-1037] >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 timestamp: 4551bb7a >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000004 net_io_user_info3 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr_user_info : 0015aed8 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_time logon time >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 low : 6dc42ed0 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c high: 01c70314 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_time logoff time >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 low : ffffffff >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 high: 7fffffff >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time kickoff time >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : ffffffff >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 7fffffff >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time last set time >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : e66ea200 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 01bb61e6 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time can change time >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : e66ea200 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 01bb61e6 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time must change time >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : ffffffff >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 7fffffff >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_unihdr hdr_user_name >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 uni_str_len: 000e >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a uni_max_len: 000e >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c buffer : 00000001 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_unihdr hdr_full_name >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0040 uni_str_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0042 uni_max_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 buffer : 00000000 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_logon_script >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 00000000 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_profile_path >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00000000 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_home_dir >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00000000 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_dir_drive >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 logon_count : 0419 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a bad_pw_count : 0000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c user_rid : 0000040d >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 group_rid : 00000417 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 num_groups : 00000002 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 buffer_groups : 0015afa4 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_flgs : 00000120 >[2006/11/08 12:11:54, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS > account has LOGON_NTLMV2_ENABLED >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0080 user_sess_key: 09 94 83 62 f1 7d 25 a6 3b 56 b0 b6 7b 29 b5 d2 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000090 smb_io_unihdr hdr_logon_srv >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0090 uni_str_len: 000e >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0092 uni_max_len: 0010 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0094 buffer : 0015afcc >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000098 smb_io_unihdr hdr_logon_dom >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0098 uni_str_len: 000c >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009a uni_max_len: 000e >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 009c buffer : 0015afdc >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer_dom_id : 0015afb4 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00a4 lm_sess_key: 6b ed d0 fd 0d 81 d6 c8 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac acct_flags : 00000000 >[2006/11/08 12:11:54, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 unkown: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b4 unkown: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 unkown: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc unkown: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc num_other_sids: 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 buffer_other_sids: 00000000 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000d4 smb_io_unistr2 uni_user_name >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 uni_max_len: 00000007 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_str_len: 00000007 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e0 buffer : w.w.w.u.t.z... >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_full_name >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_logon_script >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_profile_path >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_home_dir >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_dir_drive >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 num_groups2 : 00000002 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000f4 smb_io_gid >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 g_rid: 00000201 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 attr : 00000007 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000fc smb_io_gid >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc g_rid: 00000417 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 attr : 00000007 >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000104 smb_io_unistr2 uni_logon_srv >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0104 uni_max_len: 00000008 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0108 offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 010c uni_str_len: 00000007 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0110 buffer : E.S.K.U.E.L.L. >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00011e smb_io_unistr2 uni_logon_dom >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 uni_max_len: 00000007 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 offset : 00000000 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 uni_str_len: 00000006 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 012c buffer : L.A.B.-.R.R. >[2006/11/08 12:11:54, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000138 smb_io_dom_sid2 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 num_auths: 00000004 >[2006/11/08 12:11:54, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00013c smb_io_dom_sid sid >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013c sid_rev_num: 01 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013d num_auths : 04 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013e id_auth[0] : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013f id_auth[1] : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0140 id_auth[2] : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0141 id_auth[3] : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0142 id_auth[4] : 00 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0143 id_auth[5] : 05 >[2006/11/08 12:11:54, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0144 sub_auths : 00000015 7b7e4147 61020126 26126b85 >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,45) >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,45) wrote 45 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=13 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:54, 10] libsmb/clientgen.c:cli_rpc_pipe_close(383) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine ESKUELL >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,39) >[2006/11/08 12:11:54, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,39) wrote 39 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=4096 > smb_pid=12545 > smb_uid=6144 > smb_mid=14 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:54, 3] auth/auth.c:check_ntlm_password(269) > check_ntlm_password: winbind authentication for user [wwwutz] succeeded >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 5] auth/auth.c:check_ntlm_password(295) > check_ntlm_password: PAM Account for user [wwwutz] succeeded >[2006/11/08 12:11:54, 2] auth/auth.c:check_ntlm_password(304) > check_ntlm_password: authentication for user [wwwutz] -> [wwwutz] -> [wwwutz] succeeded >[2006/11/08 12:11:54, 5] auth/auth_util.c:free_user_info(1866) > attempting to free (and zero) a user_info structure >[2006/11/08 12:11:54, 10] auth/auth_util.c:free_user_info(1869) > structure was created for wwwutz >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\wwwutz => WARTHOLE (domain), wwwutz (name) >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:54, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) > getsampwnam (smbpasswd): search by name: wwwutz >[2006/11/08 12:11:54, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd >[2006/11/08 12:11:54, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) > getsmbfilepwent: end of file reached. >[2006/11/08 12:11:54, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix User\wwwutz => Unix User (domain), wwwutz (name) >[2006/11/08 12:11:54, 10] lib/util_pw.c:getpwnam_alloc(76) > Got wwwutz from pwnam_cache >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_uid(1209) > sid_to_uid: S-1-22-1-130 -> 130 >[2006/11/08 12:11:54, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [wwwutz] >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 15 -> S-1-22-2-15 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 12003 -> S-1-22-2-12003 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 121 -> S-1-22-2-121 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 20 -> S-1-22-2-20 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 209 -> S-1-22-2-209 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 263 -> S-1-22-2-263 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 219 -> S-1-22-2-219 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 352 -> S-1-22-2-352 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 0 -> S-1-22-2-0 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 257 -> S-1-22-2-257 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 1000 -> S-1-22-2-1000 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 369 -> S-1-22-2-369 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 154 -> S-1-22-2-154 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 400 -> S-1-22-2-400 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 5000 -> S-1-22-2-5000 >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-1-130] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-15] >[2006/11/08 12:11:54, 5] lib/privileges.c:get_privileges_for_sids(458) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-12003] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-121] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-20] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-209] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-263] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-219] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-352] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-0] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-257] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-1000] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-369] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-154] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-400] >[2006/11/08 12:11:54, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-5000] >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-15 -> 15 >[2006/11/08 12:11:54, 10] auth/auth_util.c:create_local_token(1022) > Could not convert SID S-1-1-0 to gid, ignoring it >[2006/11/08 12:11:54, 10] auth/auth_util.c:create_local_token(1022) > Could not convert SID S-1-5-2 to gid, ignoring it >[2006/11/08 12:11:54, 10] auth/auth_util.c:create_local_token(1022) > Could not convert SID S-1-5-11 to gid, ignoring it >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-12003 -> 12003 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-121 -> 121 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-20 -> 20 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-209 -> 209 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-263 -> 263 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-219 -> 219 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-352 -> 352 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-0 -> 0 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-257 -> 257 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-1000 -> 1000 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-369 -> 369 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-154 -> 154 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-400 -> 400 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-5000 -> 5000 >[2006/11/08 12:11:54, 10] auth/auth_util.c:debug_nt_user_token(452) > NT user token of user S-1-22-1-130 > contains 19 SIDs > SID[ 0]: S-1-22-1-130 > SID[ 1]: S-1-22-2-15 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-12003 > SID[ 6]: S-1-22-2-121 > SID[ 7]: S-1-22-2-20 > SID[ 8]: S-1-22-2-209 > SID[ 9]: S-1-22-2-263 > SID[ 10]: S-1-22-2-219 > SID[ 11]: S-1-22-2-352 > SID[ 12]: S-1-22-2-0 > SID[ 13]: S-1-22-2-257 > SID[ 14]: S-1-22-2-1000 > SID[ 15]: S-1-22-2-369 > SID[ 16]: S-1-22-2-154 > SID[ 17]: S-1-22-2-400 > SID[ 18]: S-1-22-2-5000 > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:54, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(132) > Got NT session key of length 16 >[2006/11/08 12:11:54, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(139) > Got LM session key of length 8 >[2006/11/08 12:11:54, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(738) > ntlmssp_server_auth: Created NTLM2 session key. >[2006/11/08 12:11:54, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) > NTLMSSP Sign/Seal - Initialising with flags: >[2006/11/08 12:11:54, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0xe0088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >[2006/11/08 12:11:54, 10] smbd/password.c:register_vuid(185) > register_vuid: allocated vuid = 101 >[2006/11/08 12:11:54, 10] lib/util_pw.c:getpwnam_alloc(76) > Got wwwutz from pwnam_cache >[2006/11/08 12:11:54, 10] smbd/password.c:register_vuid(273) > register_vuid: (130,15) wwwutz wwwutz LAB-RR guest=0 >[2006/11/08 12:11:54, 3] smbd/password.c:register_vuid(279) > User name: wwwutz Real name: >[2006/11/08 12:11:54, 3] smbd/password.c:register_vuid(300) > UNIX uid 130 is UNIX user wwwutz, and will be vuid 101 >[2006/11/08 12:11:54, 7] param/loadparm.c:lp_servicenumber(5112) > lp_servicenumber: couldn't find wwwutz >[2006/11/08 12:11:54, 3] smbd/password.c:register_vuid(330) > Adding homes service for user 'wwwutz' using home directory: '/home/wwwutz' >[2006/11/08 12:11:54, 8] param/loadparm.c:add_a_service(2494) > add_a_service: Creating snum = 346 for wwwutz >[2006/11/08 12:11:54, 10] param/loadparm.c:hash_a_service(2541) > hash_a_service: hashing index 346 for service name wwwutz >[2006/11/08 12:11:54, 3] param/loadparm.c:lp_add_home(2587) > adding home's share [wwwutz] for user 'wwwutz' at '/home/wwwutz' >[2006/11/08 12:11:54, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 > > file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006 > >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=104 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=20160 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=61 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [020] 00 2E 00 30 00 2E 00 32 00 33 00 63 00 00 00 4C ...0...2 .3.c...L > [030] 00 41 00 42 00 2D 00 52 00 52 00 00 00 .A.B.-.R .R... >[2006/11/08 12:11:54, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: 60 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 82 >[2006/11/08 12:11:54, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x52 >[2006/11/08 12:11:54, 3] smbd/process.c:process_smb(1110) > Transaction 3 of length 86 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=82 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=20224 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 82 (0x52) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=39 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 5C 00 57 00 41 00 52 00 54 00 48 00 4F .\.\.W.A .R.T.H.O > [010] 00 4C 00 45 00 5C 00 49 00 50 00 43 00 24 00 00 .L.E.\.I .P.C.$.. > [020] 00 3F 3F 3F 3F 3F 00 .?????. >[2006/11/08 12:11:54, 3] smbd/process.c:switch_message(914) > switch message SMBtconX (pid 12545) conn 0x0 >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:54, 5] smbd/uid.c:change_to_root_user(274) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/11/08 12:11:54, 4] smbd/reply.c:reply_tcon_and_X(668) > Client requested device type [?????] for share [IPC$] >[2006/11/08 12:11:54, 5] smbd/service.c:make_connection(1116) > making a connection to 'normal' service ipc$ >[2006/11/08 12:11:54, 10] smbd/share_access.c:user_ok_token(224) > user_ok_token: share IPC$ is ok for unix user wwwutz >[2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user wwwutz >[2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is wwwutz >[2006/11/08 12:11:54, 10] lib/util_pw.c:getpwnam_alloc(76) > Got wwwutz from pwnam_cache >[2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(107) > Get_Pwnam_internals did find user [wwwutz]! >[2006/11/08 12:11:54, 10] smbd/service.c:set_conn_connectpath(121) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2006/11/08 12:11:54, 3] smbd/service.c:make_connection_snum(751) > Connect path is '/tmp' for service [IPC$] >[2006/11/08 12:11:54, 4] lib/sharesec.c:get_share_security(130) > get_share_security: using default secdesc for IPC$ >[2006/11/08 12:11:54, 10] lib/util_seaccess.c:se_map_generic(175) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2006/11/08 12:11:54, 10] lib/util_seaccess.c:se_access_check(231) > se_access_check: requested access 0x00000002, for NT token with 19 entries and first sid S-1-22-1-130. >[2006/11/08 12:11:54, 3] lib/util_seaccess.c:se_access_check(250) >[2006/11/08 12:11:54, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-130 > se_access_check: also S-1-22-2-15 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-22-2-12003 > se_access_check: also S-1-22-2-121 > se_access_check: also S-1-22-2-20 > se_access_check: also S-1-22-2-209 > se_access_check: also S-1-22-2-263 > se_access_check: also S-1-22-2-219 > se_access_check: also S-1-22-2-352 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-22-2-257 > se_access_check: also S-1-22-2-1000 > se_access_check: also S-1-22-2-369 > se_access_check: also S-1-22-2-154 > se_access_check: also S-1-22-2-400 > se_access_check: also S-1-22-2-5000 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2006/11/08 12:11:54, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (2) granted. >[2006/11/08 12:11:54, 3] smbd/vfs.c:vfs_init_default(219) > Initialising default vfs hooks >[2006/11/08 12:11:54, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2006/11/08 12:11:54, 10] smbd/share_access.c:user_ok_token(224) > user_ok_token: share IPC$ is ok for unix user wwwutz >[2006/11/08 12:11:54, 10] smbd/share_access.c:is_share_read_only_for_token(265) > is_share_read_only_for_user: share IPC$ is read-only for unix user wwwutz >[2006/11/08 12:11:54, 4] lib/sharesec.c:get_share_security(130) > get_share_security: using default secdesc for IPC$ >[2006/11/08 12:11:54, 10] lib/util_seaccess.c:se_map_generic(175) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2006/11/08 12:11:54, 10] lib/util_seaccess.c:se_access_check(231) > se_access_check: requested access 0x00000001, for NT token with 19 entries and first sid S-1-22-1-130. >[2006/11/08 12:11:54, 3] lib/util_seaccess.c:se_access_check(250) >[2006/11/08 12:11:54, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-130 > se_access_check: also S-1-22-2-15 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-22-2-12003 > se_access_check: also S-1-22-2-121 > se_access_check: also S-1-22-2-20 > se_access_check: also S-1-22-2-209 > se_access_check: also S-1-22-2-263 > se_access_check: also S-1-22-2-219 > se_access_check: also S-1-22-2-352 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-22-2-257 > se_access_check: also S-1-22-2-1000 > se_access_check: also S-1-22-2-369 > se_access_check: also S-1-22-2-154 > se_access_check: also S-1-22-2-400 > se_access_check: also S-1-22-2-5000 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >[2006/11/08 12:11:54, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (1) granted. >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (130, 15) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token of user S-1-22-1-130 > contains 19 SIDs > SID[ 0]: S-1-22-1-130 > SID[ 1]: S-1-22-2-15 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-12003 > SID[ 6]: S-1-22-2-121 > SID[ 7]: S-1-22-2-20 > SID[ 8]: S-1-22-2-209 > SID[ 9]: S-1-22-2-263 > SID[ 10]: S-1-22-2-219 > SID[ 11]: S-1-22-2-352 > SID[ 12]: S-1-22-2-0 > SID[ 13]: S-1-22-2-257 > SID[ 14]: S-1-22-2-1000 > SID[ 15]: S-1-22-2-369 > SID[ 16]: S-1-22-2-154 > SID[ 17]: S-1-22-2-400 > SID[ 18]: S-1-22-2-5000 > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 130 > Primary group is 15 and contains 15 supplementary groups > Group[ 0]: 15 > Group[ 1]: 12003 > Group[ 2]: 121 > Group[ 3]: 20 > Group[ 4]: 209 > Group[ 5]: 263 > Group[ 6]: 219 > Group[ 7]: 352 > Group[ 8]: 0 > Group[ 9]: 257 > Group[ 10]: 1000 > Group[ 11]: 369 > Group[ 12]: 154 > Group[ 13]: 400 > Group[ 14]: 5000 >[2006/11/08 12:11:54, 5] smbd/uid.c:change_to_user(259) > change_to_user uid=(0,130) gid=(0,15) >[2006/11/08 12:11:54, 3] smbd/service.c:make_connection_snum(941) > waldi (141.14.22.101) connect to service IPC$ initially as user wwwutz (uid=130, gid=15) (pid 12545) >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:54, 5] smbd/uid.c:change_to_root_user(274) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/11/08 12:11:54, 2] smbd/reply.c:reply_tcon_and_X(711) > Serving IPC$ as a Dfs root >[2006/11/08 12:11:54, 3] smbd/reply.c:reply_tcon_and_X(715) > tconX service=IPC$ >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=20224 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3 (0x3) > smb_bcc=7 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 49 50 43 00 00 00 00 IPC.... >[2006/11/08 12:11:54, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: 60 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 116 >[2006/11/08 12:11:54, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x74 >[2006/11/08 12:11:54, 3] smbd/process.c:process_smb(1110) > Transaction 4 of length 120 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=116 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=2844 > smb_uid=101 > smb_mid=20288 > smt_wct=15 > smb_vwv[ 0]= 48 (0x30) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 48 (0x30) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 16 (0x10) > smb_bcc=51 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 00 00 00 03 00 5C 00 77 00 61 00 72 00 74 00 68 .....\.w .a.r.t.h > [010] 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 6D 00 65 .o.l.e.\ .m.a.m.e > [020] 00 70 00 69 00 6D 00 61 00 67 00 65 00 73 00 5C .p.i.m.a .g.e.s.\ > [030] 00 00 00 ... >[2006/11/08 12:11:54, 3] smbd/process.c:switch_message(914) > switch message SMBtrans2 (pid 12545) conn 0x14028a050 >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (130, 15) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token of user S-1-22-1-130 > contains 19 SIDs > SID[ 0]: S-1-22-1-130 > SID[ 1]: S-1-22-2-15 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-12003 > SID[ 6]: S-1-22-2-121 > SID[ 7]: S-1-22-2-20 > SID[ 8]: S-1-22-2-209 > SID[ 9]: S-1-22-2-263 > SID[ 10]: S-1-22-2-219 > SID[ 11]: S-1-22-2-352 > SID[ 12]: S-1-22-2-0 > SID[ 13]: S-1-22-2-257 > SID[ 14]: S-1-22-2-1000 > SID[ 15]: S-1-22-2-369 > SID[ 16]: S-1-22-2-154 > SID[ 17]: S-1-22-2-400 > SID[ 18]: S-1-22-2-5000 > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 130 > Primary group is 15 and contains 15 supplementary groups > Group[ 0]: 15 > Group[ 1]: 12003 > Group[ 2]: 121 > Group[ 3]: 20 > Group[ 4]: 209 > Group[ 5]: 263 > Group[ 6]: 219 > Group[ 7]: 352 > Group[ 8]: 0 > Group[ 9]: 257 > Group[ 10]: 1000 > Group[ 11]: 369 > Group[ 12]: 154 > Group[ 13]: 400 > Group[ 14]: 5000 >[2006/11/08 12:11:54, 5] smbd/uid.c:change_to_user(259) > change_to_user uid=(0,130) gid=(0,15) >[2006/11/08 12:11:54, 4] smbd/vfs.c:vfs_ChDir(741) > vfs_ChDir to /tmp >[2006/11/08 12:11:54, 10] smbd/trans2.c:call_trans2getdfsreferral(4932) > call_trans2getdfsreferral >[2006/11/08 12:11:54, 10] smbd/msdfs.c:parse_dfs_path(44) > temp in parse_dfs_path: .warthole\mamepimages. after trimming \'s >[2006/11/08 12:11:54, 10] smbd/msdfs.c:parse_dfs_path(54) > parse_dfs_path: hostname: warthole >[2006/11/08 12:11:54, 10] smbd/msdfs.c:setup_dfs_referral(834) > max_referral_level :3 >[2006/11/08 12:11:54, 10] smbd/msdfs.c:setup_ver3_dfs_referral(711) > setting up version3 referral >[2006/11/08 12:11:54, 10] smbd/msdfs.c:setup_ver3_dfs_referral(715) >[2006/11/08 12:11:54, 0] lib/util.c:dump_data(2215) > [000] 5C 00 77 00 61 00 72 00 74 00 68 00 6F 00 6C 00 \.w.a.r. t.h.o.l. > [010] 65 00 5C 00 6D 00 61 00 6D 00 65 00 70 00 69 00 e.\.m.a. m.e.p.i. > [020] 6D 00 61 00 67 00 65 00 73 00 5C 00 00 00 m.a.g.e. s.\... >[2006/11/08 12:11:54, 10] smbd/msdfs.c:setup_ver3_dfs_referral(724) > referral 0 : \warthole\mamepimages\ >[2006/11/08 12:11:54, 10] smbd/msdfs.c:setup_dfs_referral(854) > DFS Referral pdata: >[2006/11/08 12:11:54, 0] lib/util.c:dump_data(2215) > [000] 2C 00 01 00 03 00 00 00 03 00 22 00 01 00 00 00 ,....... .."..... > [010] 58 02 00 00 22 00 50 00 7E 00 00 00 00 00 00 00 X...".P. ~....... > [020] 00 00 00 00 00 00 00 00 00 00 5C 00 77 00 61 00 ........ ..\.w.a. > [030] 72 00 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 r.t.h.o. l.e.\.m. > [040] 61 00 6D 00 65 00 70 00 69 00 6D 00 61 00 67 00 a.m.e.p. i.m.a.g. > [050] 65 00 73 00 5C 00 00 00 5C 00 77 00 61 00 72 00 e.s.\... \.w.a.r. > [060] 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 t.h.o.l. e.\.m.a. > [070] 6D 00 65 00 70 00 69 00 6D 00 61 00 67 00 65 00 m.e.p.i. m.a.g.e. > [080] 73 00 5C 00 00 00 5C 00 77 00 61 00 72 00 74 00 s.\...\. w.a.r.t. > [090] 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 6D 00 h.o.l.e. \.m.a.m. > [0A0] 65 00 70 00 69 00 6D 00 61 00 67 00 65 00 73 00 e.p.i.m. a.g.e.s. > [0B0] 5C 00 00 00 \... >[2006/11/08 12:11:54, 9] smbd/trans2.c:send_trans2_replies(689) > t2_rep: params_sent_thistime = 0, data_sent_thistime = 180, useable_space = 131012 >[2006/11/08 12:11:54, 9] smbd/trans2.c:send_trans2_replies(691) > t2_rep: params_to_send = 0, data_to_send = 180, paramsize = 0, datasize = 180 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=236 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55361 > smb_tid=1 > smb_pid=2844 > smb_uid=101 > smb_mid=20288 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 180 (0xB4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 180 (0xB4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=181 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 00 2C 00 01 00 03 00 00 00 03 00 22 00 01 00 00 .,...... ...".... > [010] 00 58 02 00 00 22 00 50 00 7E 00 00 00 00 00 00 .X...".P .~...... > [020] 00 00 00 00 00 00 00 00 00 00 00 5C 00 77 00 61 ........ ...\.w.a > [030] 00 72 00 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D .r.t.h.o .l.e.\.m > [040] 00 61 00 6D 00 65 00 70 00 69 00 6D 00 61 00 67 .a.m.e.p .i.m.a.g > [050] 00 65 00 73 00 5C 00 00 00 5C 00 77 00 61 00 72 .e.s.\.. .\.w.a.r > [060] 00 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 .t.h.o.l .e.\.m.a > [070] 00 6D 00 65 00 70 00 69 00 6D 00 61 00 67 00 65 .m.e.p.i .m.a.g.e > [080] 00 73 00 5C 00 00 00 5C 00 77 00 61 00 72 00 74 .s.\...\ .w.a.r.t > [090] 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 6D .h.o.l.e .\.m.a.m > [0A0] 00 65 00 70 00 69 00 6D 00 61 00 67 00 65 00 73 .e.p.i.m .a.g.e.s > [0B0] 00 5C 00 00 00 .\... >[2006/11/08 12:11:54, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: 60 >[2006/11/08 12:11:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 96 >[2006/11/08 12:11:54, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x60 >[2006/11/08 12:11:54, 3] smbd/process.c:process_smb(1110) > Transaction 5 of length 100 >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:54, 5] lib/util.c:show_msg(481) > size=96 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=20352 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=53 >[2006/11/08 12:11:54, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 5C 00 57 00 41 00 52 00 54 00 48 00 4F .\.\.W.A .R.T.H.O > [010] 00 4C 00 45 00 5C 00 4D 00 41 00 4D 00 45 00 50 .L.E.\.M .A.M.E.P > [020] 00 49 00 4D 00 41 00 47 00 45 00 53 00 00 00 3F .I.M.A.G .E.S...? > [030] 3F 3F 3F 3F 00 ????. >[2006/11/08 12:11:54, 3] smbd/process.c:switch_message(914) > switch message SMBtconX (pid 12545) conn 0x0 >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:54, 5] smbd/uid.c:change_to_root_user(274) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/11/08 12:11:54, 4] smbd/reply.c:reply_tcon_and_X(668) > Client requested device type [?????] for share [MAMEPIMAGES] >[2006/11/08 12:11:54, 5] smbd/service.c:make_connection(1116) > making a connection to 'normal' service mamepimages >[2006/11/08 12:11:54, 10] smbd/share_access.c:user_ok_token(224) > user_ok_token: share mamepimages is ok for unix user wwwutz >[2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user wwwutz >[2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is wwwutz >[2006/11/08 12:11:54, 10] lib/util_pw.c:getpwnam_alloc(76) > Got wwwutz from pwnam_cache >[2006/11/08 12:11:54, 5] lib/username.c:Get_Pwnam_internals(107) > Get_Pwnam_internals did find user [wwwutz]! >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name) >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:54, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) > getsampwnam (smbpasswd): search by name: imgdata >[2006/11/08 12:11:54, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd >[2006/11/08 12:11:54, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) > getsmbfilepwent: end of file reached. >[2006/11/08 12:11:54, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name) >[2006/11/08 12:11:54, 10] passdb/lookup_sid.c:sid_to_uid(1209) > sid_to_uid: S-1-22-1-1087 -> 1087 >[2006/11/08 12:11:54, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [imgdata] >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:54, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:55, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:55, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 372 -> S-1-22-2-372 >[2006/11/08 12:11:55, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 392 -> S-1-22-2-392 >[2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-1-1087] >[2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-372] >[2006/11/08 12:11:55, 5] lib/privileges.c:get_privileges_for_sids(458) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-392] >[2006/11/08 12:11:55, 3] smbd/service.c:make_connection_snum(672) > Forced user imgdata >[2006/11/08 12:11:55, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\abt_her => WARTHOLE (domain), abt_her (name) >[2006/11/08 12:11:55, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:55, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:55, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:55, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:55, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:55, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:55, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix Group\abt_her => Unix Group (domain), abt_her (name) >[2006/11/08 12:11:55, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-9000 -> 9000 >[2006/11/08 12:11:55, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name) >[2006/11/08 12:11:55, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:55, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:55, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:55, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:55, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:55, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) > getsampwnam (smbpasswd): search by name: imgdata >[2006/11/08 12:11:55, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd >[2006/11/08 12:11:55, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) > getsmbfilepwent: end of file reached. >[2006/11/08 12:11:55, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2006/11/08 12:11:55, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:55, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:55, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:55, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:55, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:55, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:55, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:55, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name) >[2006/11/08 12:11:55, 10] lib/util_pw.c:getpwnam_alloc(76) > Got imgdata from pwnam_cache >[2006/11/08 12:11:55, 10] passdb/lookup_sid.c:sid_to_uid(1209) > sid_to_uid: S-1-22-1-1087 -> 1087 >[2006/11/08 12:11:55, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [imgdata] >[2006/11/08 12:11:55, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:55, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:55, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:55, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:55, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:55, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:55, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 372 -> S-1-22-2-372 >[2006/11/08 12:11:55, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 392 -> S-1-22-2-392 >[2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-1-1087] >[2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-372] >[2006/11/08 12:11:55, 5] lib/privileges.c:get_privileges_for_sids(458) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2006/11/08 12:11:55, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-392] >[2006/11/08 12:11:55, 10] smbd/service.c:make_connection_snum(736) > Could not convert SID S-1-22-1-1087 to gid, ignoring it >[2006/11/08 12:11:55, 0] lib/fault.c:fault_report(41) > =============================================================== >[2006/11/08 12:11:55, 0] lib/fault.c:fault_report(42) > INTERNAL ERROR: Signal 11 in pid 12545 (3.0.23c) > Please read the Trouble-Shooting section of the Samba3-HOWTO >[2006/11/08 12:11:55, 0] lib/fault.c:fault_report(44) > > From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf >[2006/11/08 12:11:55, 0] lib/fault.c:fault_report(45) > =============================================================== >[2006/11/08 12:11:55, 0] lib/util.c:smb_panic(1591) > PANIC (pid 12545): internal error >[2006/11/08 12:11:55, 0] lib/util.c:log_stack_trace(1749) > unable to produce a stack trace on this platform >[2006/11/08 12:11:55, 0] lib/fault.c:dump_core(173) > dumping core in /var/samba/cores/smbd >[2006/11/08 12:11:56, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 > > file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006 > >[2006/11/08 12:11:56, 5] auth/auth_util.c:make_user_info_map(160) > make_user_info_map: Mapping user [lab-rr]\[wwwutz] from workstation [WALDI] >[2006/11/08 12:11:56, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = TDOMCACHE/TIMESTAMP, value = 1162983779, timeout = Wed Nov 8 12:12:59 2006 >[2006/11/08 12:11:56, 10] libsmb/trustdom_cache.c:update_trustdom_cache(326) > update_trustdom_cache: not time to update trustdom_cache yet >[2006/11/08 12:11:56, 10] lib/gencache.c:gencache_get(312) > Cache entry with key = TDOM/LAB-RR couldn't be found >[2006/11/08 12:11:56, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) > no entry for trusted domain lab-rr found. >[2006/11/08 12:11:56, 5] auth/auth_util.c:make_user_info(75) > attempting to make a user_info for wwwutz (wwwutz) >[2006/11/08 12:11:56, 5] auth/auth_util.c:make_user_info(85) > making strings for wwwutz's user_info struct >[2006/11/08 12:11:56, 5] auth/auth_util.c:make_user_info(117) > making blobs for wwwutz's user_info struct >[2006/11/08 12:11:56, 10] auth/auth_util.c:make_user_info(135) > made an encrypted user_info for wwwutz (wwwutz) >[2006/11/08 12:11:56, 3] auth/auth.c:check_ntlm_password(220) > check_ntlm_password: Checking password for unmapped user [lab-rr]\[wwwutz]@[WALDI] with the new password interface >[2006/11/08 12:11:56, 3] auth/auth.c:check_ntlm_password(223) > check_ntlm_password: mapped user is: [LAB-RR]\[wwwutz]@[WALDI] >[2006/11/08 12:11:56, 10] auth/auth.c:check_ntlm_password(232) > check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >[2006/11/08 12:11:56, 10] auth/auth.c:check_ntlm_password(235) > challenge is: >[2006/11/08 12:11:56, 5] lib/util.c:dump_data(2215) > [000] 24 52 BA 5C 68 14 1A EC $R.\h... >[2006/11/08 12:11:56, 10] auth/auth.c:check_ntlm_password(261) > check_ntlm_password: guest had nothing to say >[2006/11/08 12:11:56, 8] lib/util.c:is_myname(2036) > is_myname("LAB-RR") returns 0 >[2006/11/08 12:11:56, 6] auth/auth_sam.c:check_samstrict_security(412) > check_samstrict_security: LAB-RR is not one of my local names (ROLE_DOMAIN_MEMBER) >[2006/11/08 12:11:56, 10] auth/auth.c:check_ntlm_password(261) > check_ntlm_password: sam had nothing to say >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 8] libsmb/namequery.c:get_sorted_dc_list(1550) > get_sorted_dc_list: attempting lookup using [lmhosts wins host bcast] >[2006/11/08 12:11:56, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = SAF/DOMAIN/LAB-RR, value = ESKUELL, timeout = Wed Nov 8 12:26:54 2006 >[2006/11/08 12:11:56, 5] libsmb/namequery.c:saf_fetch(107) > saf_fetch: Returning "ESKUELL" for "LAB-RR" domain >[2006/11/08 12:11:56, 3] libsmb/namequery.c:get_dc_list(1426) > get_dc_list: preferred server list: "ESKUELL, *" >[2006/11/08 12:11:56, 10] libsmb/namequery.c:internal_resolve_name(1132) > internal_resolve_name: looking up LAB-RR#1c >[2006/11/08 12:11:56, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = NBT/LAB-RR#1C, value = 141.14.16.97:0,141.14.17.120:0,141.14.17.130:0,141.14.19.244:0, timeout = Wed Nov 8 12:13:59 2006 >[2006/11/08 12:11:56, 5] libsmb/namecache.c:namecache_fetch(201) > name LAB-RR#1C found. >[2006/11/08 12:11:56, 8] libsmb/namequery.c:get_dc_list(1441) > Adding 4 DC's from auto lookup >[2006/11/08 12:11:56, 10] libsmb/namequery.c:internal_resolve_name(1132) > internal_resolve_name: looking up ESKUELL#20 >[2006/11/08 12:11:56, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = NBT/ESKUELL#20, value = 141.14.16.97:0, timeout = Wed Nov 8 12:13:59 2006 >[2006/11/08 12:11:56, 5] libsmb/namecache.c:namecache_fetch(201) > name ESKUELL#20 found. >[2006/11/08 12:11:56, 10] libsmb/namequery.c:remove_duplicate_addrs2(408) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2006/11/08 12:11:56, 4] libsmb/namequery.c:get_dc_list(1528) > get_dc_list: returning 4 ip addresses in an ordered list >[2006/11/08 12:11:56, 4] libsmb/namequery.c:get_dc_list(1530) > get_dc_list: 141.14.16.97:0 141.14.17.120:0 141.14.17.130:0 141.14.19.244:0 >[2006/11/08 12:11:56, 10] libsmb/namequery.c:name_status_find(275) > name_status_find: looking up LAB-RR#1c at 141.14.16.97 >[2006/11/08 12:11:56, 10] lib/gencache.c:gencache_get(312) > Cache entry with key = NBT/LAB-RR#1C.20.141.14.16.97 couldn't be found >[2006/11/08 12:11:56, 5] libsmb/namecache.c:namecache_status_fetch(308) > namecache_status_fetch: no entry for NBT/LAB-RR#1C.20.141.14.16.97 found. >[2006/11/08 12:11:56, 10] lib/gencache.c:gencache_del(218) > Deleting cache entry (key = NBT/LAB-RR#1C.20.141.14.16.97) >[2006/11/08 12:11:56, 10] lib/util_sock.c:open_socket_in(839) > bind succeeded on port 0 >[2006/11/08 12:11:56, 5] libsmb/nmblib.c:send_udp(776) > Sending a packet of len 50 to (141.14.16.97) on port 137 >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_udp_socket(293) > read_udp_socket: lastip 141.14.16.97 lastport 137 read: 301 >[2006/11/08 12:11:56, 10] libsmb/nmblib.c:parse_nmb(506) > parse_nmb: packet id = 19406 >[2006/11/08 12:11:56, 5] libsmb/nmblib.c:read_packet(754) > Received a packet of len 301 from (141.14.16.97) port 137 >[2006/11/08 12:11:56, 4] libsmb/nmblib.c:debug_nmb_packet(112) > nmb packet from 141.14.16.97(137) header: id=19406 opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=LAB-RR<1c> rr_type=33 rr_class=1 ttl=0 > answers 0 char .ESKUELL hex 0A45534B55454C4C2020202020202020 > answers 10 char .D.LAB-RR hex 0044004C41422D525220202020202020 > answers 20 char ...LAB-RR hex 202000C4004C41422D52522020202020 > answers 30 char ...ESKUELL hex 202020201CC40045534B55454C4C2020 > answers 40 char D.LAB-RR hex 2020202020202044004C41422D525220 > answers 50 char .D.ESKUE hex 20202020202020201B440045534B5545 > answers 60 char LL .D.ADM hex 4C4C202020202020202003440041444D > answers 70 char INISTRATOR .D.L hex 494E4953545241544F5220200344004C > answers 80 char AB-RR .. hex 41422D52522020202020202020201EC4 > answers 90 char .LAB-RR hex 004C41422D5252202020202020202020 > answers a0 char .D...__MSBROWSE_ hex 1D440001025F5F4D5342524F5753455F > answers b0 char _........]...... hex 5F0201C4000000F8025D840000000000 > answers c0 char ................ hex 00000000000000000000000000000000 > answers d0 char ................ hex 00000000000000000000000000000000 > answers e0 char ... hex 000000 >[2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) > ESKUELL#00: flags = 0x44 >[2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#00: flags = 0xc4 >[2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1c: flags = 0xc4 >[2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) > ESKUELL#20: flags = 0x44 >[2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1b: flags = 0x44 >[2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) > ESKUELL#03: flags = 0x44 >[2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) > ADMINISTRATOR#03: flags = 0x44 >[2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1e: flags = 0xc4 >[2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1d: flags = 0x44 >[2006/11/08 12:11:56, 10] libsmb/namequery.c:parse_node_status(157) > __MSBROWSE__#01: flags = 0xc4 >[2006/11/08 12:11:56, 10] libsmb/namequery.c:name_status_find(315) > name_status_find: name found, name ESKUELL ip address is 141.14.16.97 >[2006/11/08 12:11:56, 3] libsmb/namequery_dc.c:rpc_dc_name(116) > rpc_dc_name: Returning DC ESKUELL (141.14.16.97) for domain LAB-RR >[2006/11/08 12:11:56, 10] passdb/secrets.c:secrets_named_mutex(779) > secrets_named_mutex: got mutex for ESKUELL >[2006/11/08 12:11:56, 3] libsmb/cliconnect.c:cli_start_connection(1417) > Connecting to host=ESKUELL >[2006/11/08 12:11:56, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 141.14.16.97 at port 445 >[2006/11/08 12:11:56, 2] lib/util_sock.c:open_socket_out(910) > error connecting to 141.14.16.97:445 (Connection refused) >[2006/11/08 12:11:56, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 141.14.16.97 at port 139 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 0 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 0 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 4 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 8 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEPORT = 0 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 33580 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 33580 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1460 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2006/11/08 12:11:56, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,72) >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,72) wrote 72 >[2006/11/08 12:11:56, 5] libsmb/cliconnect.c:cli_session_request(1262) > Sent session request >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 0 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=0 > smb_com=0x0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=0 > smb_flg2=0 > smb_tid=0 > smb_pid=0 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,183) >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,183) wrote 183 >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 91 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=91 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=16040 > smb_uid=0 > smb_mid=2 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=65283 (0xFF03) > smb_vwv[ 2]= 257 (0x101) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 17 (0x11) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 67 (0x43) > smb_vwv[11]=16384 (0x4000) > smb_vwv[12]=51427 (0xC8E3) > smb_vwv[13]= 9949 (0x26DD) > smb_vwv[14]=50947 (0xC703) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 2303 (0x8FF) > smb_bcc=22 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 12 B5 69 8A B5 5D 6A F2 4C 00 41 00 42 00 2D 00 ..i..]j. L.A.B.-. > [010] 52 00 52 00 00 00 R.R... >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=91 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=16040 > smb_uid=0 > smb_mid=2 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=65283 (0xFF03) > smb_vwv[ 2]= 257 (0x101) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 17 (0x11) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 67 (0x43) > smb_vwv[11]=16384 (0x4000) > smb_vwv[12]=51427 (0xC8E3) > smb_vwv[13]= 9949 (0x26DD) > smb_vwv[14]=50947 (0xC703) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 2303 (0x8FF) > smb_bcc=22 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 12 B5 69 8A B5 5D 6A F2 4C 00 41 00 42 00 2D 00 ..i..]j. L.A.B.-. > [010] 52 00 52 00 00 00 R.R... >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,92) >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,92) wrote 92 >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=16040 > smb_uid=4096 > smb_mid=3 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 124 (0x7C) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=83 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N > [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a > [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. > [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R > [050] 00 00 00 ... >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=16040 > smb_uid=4096 > smb_mid=3 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 124 (0x7C) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=83 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N > [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a > [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. > [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R > [050] 00 00 00 ... >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,82) >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,82) wrote 82 >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 48 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=4 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 49 50 43 00 00 00 00 IPC.... >[2006/11/08 12:11:56, 10] libsmb/clientgen.c:cli_init_creds(233) > cli_init_creds: user domain >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,108) >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,108) wrote 108 >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=5 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 264 (0x108) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2040) > Bind RPC Pipe[801]: \NETLOGON auth_type 0, auth_level 0 >[2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. > [010] 01 00 00 00 .... >[2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 12345678 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1234 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : abcd >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : ef 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 01 23 45 67 cf fb >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000001 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x801 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 2049 (0x801) > smb_bcc=87 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,158) >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,158) wrote 158 >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... > [010] 00 B8 10 B8 10 39 79 06 00 0C 00 5C 50 49 50 45 .....9y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 39 01 01 00 00 00 00 00 00 \lsass.9 ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... > [010] 00 B8 10 B8 10 39 79 06 00 0C 00 5C 50 49 50 45 .....9y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 39 01 01 00 00 00 00 00 00 \lsass.9 ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x801 returned 68 bytes. >[2006/11/08 12:11:56, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2077) > rpc_pipe_bind: Remote machine ESKUELL pipe \NETLOGON fnum 0x801 bind request returned ok. >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00067939 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2270) > cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine ESKUELL and bound anonymously. >[2006/11/08 12:11:56, 4] passdb/secrets.c:secrets_fetch_trust_account_password(285) > Using cleartext machine password >[2006/11/08 12:11:56, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(45) > cli_net_req_chal: LSA Request Challenge from WARTHOLE to \\ESKUELL >[2006/11/08 12:11:56, 5] rpc_parse/parse_net.c:init_q_req_chal(679) > init_q_req_chal: 679 >[2006/11/08 12:11:56, 5] rpc_parse/parse_net.c:init_q_req_chal(688) > init_q_req_chal: 688 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_req_chal >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer: 00000001 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.E.S.K.U.E.L.L... >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unistr2 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_max_len: 00000009 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_str_len: 00000009 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0030 buffer : W.A.R.T.H.O.L.E... >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000042 smb_io_chal >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0042 data: 64 50 7e 95 f9 1f b0 0b >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0062 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000004a >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0004 >[2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x801 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 98 (0x62) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 98 (0x62) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 2049 (0x801) > smb_bcc=113 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 62 00 00 00 02 00 00 00 4A .......b .......J > [020] 00 00 00 00 00 04 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 45 00 53 00 4B .......\ .\.E.S.K > [040] 00 55 00 45 00 4C 00 4C 00 00 00 09 00 00 00 00 .U.E.L.L ........ > [050] 00 00 00 09 00 00 00 57 00 41 00 52 00 54 00 48 .......W .A.R.T.H > [060] 00 4F 00 4C 00 45 00 00 00 64 50 7E 95 F9 1F B0 .O.L.E.. .dP~.... > [070] 0B . >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,184) >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,184) wrote 184 >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 92 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 62 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 b....... .$...... > [010] 00 0C 00 00 00 00 00 00 00 61 7D 05 14 90 01 00 ........ .a}..... > [020] 00 00 00 00 00 ..... >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 62 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 b....... .$...... > [010] 00 0C 00 00 00 00 00 00 00 61 7D 05 14 90 01 00 ........ .a}..... > [020] 00 00 00 00 00 ..... >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0024 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000000c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 36 at offset 0 >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x801 returned 24 bytes. >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_req_chal >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0000 data: 61 7d 05 14 90 01 00 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0008 status: NT_STATUS_OK >[2006/11/08 12:11:56, 10] libsmb/credentials.c:creds_client_init(286) > creds_client_init: neg_flags : 400701ff >[2006/11/08 12:11:56, 10] libsmb/credentials.c:creds_client_init(287) > creds_client_init: client chal : 64507E95F91FB00B >[2006/11/08 12:11:56, 10] libsmb/credentials.c:creds_client_init(288) > creds_client_init: server chal : 617D051490010000 >[2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_init_64(117) > creds_init_64 >[2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_init_64(118) > clnt_chal_in: 64507E95F91FB00B >[2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_init_64(119) > srv_chal_in : 617D051490010000 >[2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_init_64(120) > clnt+srv : C5CD83A98921B00B >[2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_init_64(121) > sess_key_out : 015C67118B1BCA66 >[2006/11/08 12:11:56, 10] libsmb/credentials.c:creds_client_init(306) > creds_client_init: clnt : 1222871E0A38783F >[2006/11/08 12:11:56, 10] libsmb/credentials.c:creds_client_init(307) > creds_client_init: server : FB8D45D1A330CAF6 >[2006/11/08 12:11:56, 10] libsmb/credentials.c:creds_client_init(308) > creds_client_init: seed : 1222871E0A38783F >[2006/11/08 12:11:56, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(168) > cli_net_auth2: srv:\\ESKUELL acct:WARTHOLE$ sc:2 mc: WARTHOLE neg: 400701ff >[2006/11/08 12:11:56, 5] rpc_parse/parse_net.c:init_q_auth_2(800) > init_q_auth_2: 800 >[2006/11/08 12:11:56, 5] rpc_parse/parse_misc.c:init_log_info(1409) > make_log_info 1409 >[2006/11/08 12:11:56, 5] rpc_parse/parse_net.c:init_q_auth_2(806) > init_q_auth_2: 806 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_auth_2 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_log_info >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer: 00000001 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.E.S.K.U.E.L.L... >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unistr2 unistr2 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_max_len: 0000000a >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_str_len: 0000000a >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0030 buffer : W.A.R.T.H.O.L.E.$... >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0044 sec_chan: 0002 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000046 smb_io_unistr2 unistr2 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 uni_max_len: 00000009 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 uni_str_len: 00000009 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0054 buffer : W.A.R.T.H.O.L.E... >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000066 smb_io_chal >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0066 data: 12 22 87 1e 0a 38 78 3f >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00006e net_io_neg_flags >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 neg_flags: 400701ff >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 008c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000074 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 000f >[2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x801 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=222 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 140 (0x8C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 140 (0x8C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 2049 (0x801) > smb_bcc=155 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 8C 00 00 00 03 00 00 00 74 ........ .......t > [020] 00 00 00 00 00 0F 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 45 00 53 00 4B .......\ .\.E.S.K > [040] 00 55 00 45 00 4C 00 4C 00 00 00 0A 00 00 00 00 .U.E.L.L ........ > [050] 00 00 00 0A 00 00 00 57 00 41 00 52 00 54 00 48 .......W .A.R.T.H > [060] 00 4F 00 4C 00 45 00 24 00 00 00 02 00 00 00 09 .O.L.E.$ ........ > [070] 00 00 00 00 00 00 00 09 00 00 00 57 00 41 00 52 ........ ...W.A.R > [080] 00 54 00 48 00 4F 00 4C 00 45 00 00 00 12 22 87 .T.H.O.L .E....". > [090] 1E 0A 38 78 3F 00 00 FF 01 07 40 ..8x?... ..@ >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,226) >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,226) wrote 226 >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 96 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 8C 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 FB 8D 45 D1 A3 30 CA ........ ...E..0. > [020] F6 FF 01 00 40 00 00 00 00 ....@... . >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 8C 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 FB 8D 45 D1 A3 30 CA ........ ...E..0. > [020] F6 FF 01 00 40 00 00 00 00 ....@... . >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0028 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000010 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 40 at offset 0 >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x801 returned 32 bytes. >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_auth_2 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0000 data: fb 8d 45 d1 a3 30 ca f6 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 net_io_neg_flags >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 neg_flags: 400001ff >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 000c status: NT_STATUS_OK >[2006/11/08 12:11:56, 10] libsmb/credentials.c:creds_client_check(325) > creds_client_check: credentials check OK. >[2006/11/08 12:11:56, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(344) > rpccli_netlogon_setup_creds: server ESKUELL credential chain established. >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,108) >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,108) wrote 108 >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=9 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 512 (0x200) > smb_vwv[ 3]= 264 (0x108) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2040) > Bind RPC Pipe[802]: \NETLOGON auth_type 2, auth_level 6 >[2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. > [010] 01 00 00 00 .... >[2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_auth_schannel_neg schannel_neg >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 type1: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 type2: 00000003 >[2006/11/08 12:11:56, 6] lib/util.c:dump_data(2215) > [000] 4C 41 42 2D 52 52 LAB-RR >[2006/11/08 12:11:56, 6] lib/util.c:dump_data(2215) > [000] 57 41 52 54 48 4F 4C 45 WARTHOLE >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0068 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0018 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 12345678 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1234 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : abcd >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : ef 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 01 23 45 67 cf fb >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000001 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0048 auth_type : 44 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0049 auth_level : 06 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004a auth_pad_len : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004b auth_reserved: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c auth_context_id: 00000001 >[2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x802 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=186 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=10 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 104 (0x68) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 2050 (0x802) > smb_bcc=119 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 68 00 18 00 04 00 00 00 B8 .......h ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ > [060] 00 00 00 03 00 00 00 4C 41 42 2D 52 52 00 57 41 .......L AB-RR.WA > [070] 52 54 48 4F 4C 45 00 RTHOLE. >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,190) >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,190) wrote 190 >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 144 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 68 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 h....... .X...... > [010] 00 B8 10 B8 10 3A 79 06 00 0C 00 5C 50 49 50 45 .....:y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 2E 06 8F ........ . >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 68 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 h....... .X...... > [010] 00 B8 10 B8 10 3A 79 06 00 0C 00 5C 50 49 50 45 .....:y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 2E 06 8F ........ . >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0058 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 000c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 88 at offset 0 >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x802 returned 88 bytes. >[2006/11/08 12:11:56, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2077) > rpc_pipe_bind: Remote machine ESKUELL pipe \NETLOGON fnum 0x802 bind request returned ok. >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0058 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 000c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 0006793a >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2534) > cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine ESKUELL for domain LAB-RR and bound using schannel. >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,45) >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,45) wrote 45 >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=11 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:56, 10] libsmb/clientgen.c:cli_rpc_pipe_close(383) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine ESKUELL >[2006/11/08 12:11:56, 10] libsmb/namequery.c:saf_store(70) > saf_store: domain = [LAB-RR], server = [ESKUELL], expire = [1162985216] >[2006/11/08 12:11:56, 10] lib/gencache.c:gencache_set(128) > Adding cache entry with key = SAF/DOMAIN/LAB-RR; value = ESKUELL and timeout = Wed Nov 8 12:26:56 2006 > (900 seconds ahead) >[2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_step(148) > sequence = 0x4551bb7e >[2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_step(150) > seed: 1222871E0A38783F >[2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_step(155) > seed+seq 90DDD8630A38783F >[2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_step(159) > CLIENT 286C81728F685919 >[2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_step(164) > seed+seq+1 91DDD8630A38783F >[2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_step(168) > SERVER DDEC1EC2D1E3E8EF >[2006/11/08 12:11:56, 5] libsmb/credentials.c:creds_reseed(238) > cred_reseed: seed 91DDD8630A38783F >[2006/11/08 12:11:56, 5] rpc_parse/parse_net.c:init_id_info2(1181) > init_id_info2: 1181 >[2006/11/08 12:11:56, 5] rpc_parse/parse_misc.c:init_logon_id(1588) > make_logon_id: 1588 >[2006/11/08 12:11:56, 5] rpc_parse/parse_net.c:init_sam_info(1275) > init_sam_info: 1275 >[2006/11/08 12:11:56, 5] rpc_parse/parse_misc.c:init_clnt_info2(1503) > make_clnt_info: 1503 >[2006/11/08 12:11:56, 5] rpc_parse/parse_misc.c:init_clnt_srv(1348) > init_clnt_srv: 1348 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_sam_logon >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_sam_info >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_clnt_info2 >[2006/11/08 12:11:56, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_clnt_srv >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer : 00000001 >[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.E.S.K.U.E.L.L... >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 undoc_buffer2: 00000001 >[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_unistr2 unistr2 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 uni_max_len: 00000009 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 uni_str_len: 00000009 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0034 buffer : W.A.R.T.H.O.L.E... >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 ptr_cred: 00000001 >[2006/11/08 12:11:56, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00004c smb_io_cred >[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00004c smb_io_chal >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 004c data: 28 6c 81 72 8f 68 59 19 >[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000054 smb_io_utime >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 time: 4551bb7e >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 ptr_rtn_cred : 00000001 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_cred >[2006/11/08 12:11:56, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_chal >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 005c data: 00 00 00 00 00 00 00 00 >[2006/11/08 12:11:56, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000064 smb_io_utime >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 time: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 logon_level : 0002 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00006a smb_io_sam_info_ctr logon_info >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a switch_value : 0002 >[2006/11/08 12:11:56, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00006c net_io_id_info2 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c ptr_id_info2: 00000001 >[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000070 smb_io_unihdr unihdr >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0070 uni_str_len: 000c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0072 uni_max_len: 000c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 buffer : 00000001 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 param_ctrl: 00000820 >[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00007c smb_io_logon_id >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c low : 0000dead >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 high: 0000beef >[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000084 smb_io_unihdr unihdr >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0084 uni_str_len: 000c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0086 uni_max_len: 000c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 buffer : 00000001 >[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00008c smb_io_unihdr unihdr >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008c uni_str_len: 000e >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008e uni_max_len: 000e >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0090 buffer : 00000001 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0094 lm_chal: 24 52 ba 5c 68 14 1a ec >[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00009c smb_io_strhdr hdr_nt_chal_resp >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009c str_str_len: 0018 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009e str_max_len: 0018 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer : 00000001 >[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000a4 smb_io_strhdr hdr_lm_chal_resp >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a4 str_str_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a6 str_max_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a8 buffer : 00000000 >[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ac smb_io_unistr2 uni_domain_name >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac uni_max_len: 00000006 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b4 uni_str_len: 00000006 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00b8 buffer : L.A.B.-.R.R. >[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000c4 smb_io_unistr2 uni_user_name >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 uni_max_len: 00000006 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc uni_str_len: 00000006 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00d0 buffer : w.w.w.u.t.z. >[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000dc smb_io_unistr2 uni_wksta_name >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_max_len: 00000007 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e0 offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e4 uni_str_len: 00000007 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e8 buffer : \.\.W.A.L.D.I. >[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000f6 smb_io_string2 nt_chal_resp >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 str_max_len: 00000018 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 str_str_len: 00000018 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_string2(1096) > 0104 buffer : ^...?......?...M....t..r >[2006/11/08 12:11:56, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00011c smb_io_string2 - NULL lm_chal_resp >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 011c validation_level: 0003 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0160 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0020 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000011e >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0002 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000138 smb_io_rpc_hdr_auth hdr_auth >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0138 auth_type : 44 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0139 auth_level : 06 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013a auth_pad_len : 02 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013b auth_reserved: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c auth_context_id: 00000001 >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1356) > add_schannel_auth_footer: SCHANNEL seq_num=0 >[2006/11/08 12:11:56, 10] rpc_parse/parse_prs.c:schannel_encode(1633) > SCHANNEL: schannel_encode seq_num=0 data_len=288 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000140 smb_io_rpc_auth_schannel_chk >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0140 sig : 77 00 7a 00 ff ff 00 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0148 seq_num: b2 54 40 7c 29 16 78 b9 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0150 packet_digest: 54 84 bb 77 0e 0b 4b 80 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0158 confounder: b8 80 2b 6d e9 36 ff 41 >[2006/11/08 12:11:56, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x802 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=434 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 352 (0x160) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 352 (0x160) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 2050 (0x802) > smb_bcc=367 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 60 01 20 00 05 00 00 00 1E .......` . ...... > [020] 01 00 00 00 00 02 00 1B BD 90 10 F5 CA 97 7D 7C ........ ......}| > [030] 92 74 F7 8E 63 83 1A F8 4C 9D 0F 08 09 D4 48 9E .t..c... L.....H. > [040] F3 98 DD 17 EF 5D FD 9F 75 30 02 C2 81 E4 D4 08 .....].. u0...... > [050] 09 E3 DB 52 9C EA CB 42 D3 89 D1 A9 FD AF A2 4F ...R...B .......O > [060] 18 0C 40 FF D1 33 1B F3 8E 66 3A 65 9E FC 8A C8 ..@..3.. .f:e.... > [070] 18 AC B4 26 2D 7F 81 ED C8 16 EC DB 5D C9 87 12 ...&-... ....]... > [080] CC 04 83 EF 56 01 3E CB 27 85 07 AF 2C 14 74 31 ....V.>. '...,.t1 > [090] 01 47 2D 18 99 DE 42 56 C0 F0 72 61 18 FE D0 C2 .G-...BV ..ra.... > [0A0] 5C F9 6E D8 8D 78 74 A5 91 8D CB 0D B4 D8 8B 03 \.n..xt. ........ > [0B0] 3B D6 67 A7 A8 3B 28 70 FE 7C D0 7E 07 E3 DF 32 ;.g..;(p .|.~...2 > [0C0] 1A 74 27 89 D2 0C 08 3E 03 B7 21 2D 44 4C B2 66 .t'....> ..!-DL.f > [0D0] 6E 52 EE 5F 08 8C 61 01 2F 4B EE F6 59 00 6D 65 nR._..a. /K..Y.me > [0E0] 34 EA A9 1C 2D C8 15 4E 30 BA 56 3B CB FF 7E 85 4...-..N 0.V;..~. > [0F0] 26 EB 52 B5 72 12 B1 A1 C6 FB B5 08 6C F8 A4 3F &.R.r... ....l..? > [100] AC 4F 0F 81 C5 8A 83 3D DD 77 60 73 93 D6 8D FF .O.....= .w`s.... > [110] D3 1B 15 3F 08 22 9C DE 07 A6 FE BB 95 1A 1A 5A ...?.".. .......Z > [120] 07 E0 9C 05 F9 D4 84 21 82 7B B3 99 34 E8 48 74 .......! .{..4.Ht > [130] 9C 92 03 67 3F 5B D9 2B E7 72 42 71 F6 32 7E F5 ...g?[.+ .rBq.2~. > [140] 02 DC F4 BC D5 22 DA 44 06 02 00 01 00 00 00 77 .....".D .......w > [150] 00 7A 00 FF FF 00 00 B2 54 40 7C 29 16 78 B9 54 .z...... T@|).x.T > [160] 84 BB 77 0E 0B 4B 80 B8 80 2B 6D E9 36 FF 41 ..w..K.. .+m.6.A >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,438) >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,438) wrote 438 >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 456 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=456 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 400 (0x190) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 400 (0x190) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=401 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 60 05 00 02 03 10 00 00 00 90 01 20 00 05 00 00 `....... ... .... > [010] 00 50 01 00 00 00 00 00 00 49 18 F8 D2 CC 2E 75 .P...... .I.....u > [020] 87 3F 65 AF 92 A8 45 82 64 B0 A2 25 34 F1 99 47 .?e...E. d..%4..G > [030] 9A 06 A1 2C 15 F2 0C 86 F8 11 A3 29 A6 9A 47 C3 ...,.... ...)..G. > [040] 85 7A CB 3F 29 9B 8B 38 B7 08 DE 92 E3 59 79 6D .z.?)..8 .....Yym > [050] C8 49 01 1C CF 44 E6 16 FC 47 F3 C2 4B 63 CD 7E .I...D.. .G..Kc.~ > [060] 56 AF 02 CB 04 C6 AF AC 55 94 40 C6 02 8F 4B 5A V....... U.@...KZ > [070] B4 22 83 3A B2 24 24 70 F7 C4 27 9A EA 45 D7 B8 .".:.$$p ..'..E.. > [080] BE 1E A9 78 61 A5 4C E9 66 3E 24 5F 14 87 12 72 ...xa.L. f>$_...r > [090] 85 C0 25 8F 71 CC 27 0B C8 4A 5B 6B 00 8E 6A E2 ..%.q.'. .J[k..j. > [0A0] C5 AB A6 09 C0 F4 4F 04 F4 05 93 AF 17 21 17 65 ......O. .....!.e > [0B0] 8C DD E6 66 0A F8 A4 99 D9 6B A0 D7 38 D5 1C 14 ...f.... .k..8... > [0C0] BF 99 E0 B6 2E 7A 15 9D 63 1F A5 B3 DB B1 DD 6F .....z.. c......o > [0D0] 57 0F 13 A3 38 4F 9C 39 CA 3F 82 A2 80 AC 26 C6 W...8O.9 .?....&. > [0E0] 88 B2 4A 39 5B 09 90 35 0A 81 DC C9 66 95 95 07 ..J9[..5 ....f... > [0F0] 13 3A A2 62 82 79 B4 C5 54 83 40 7E FE FB 25 38 .:.b.y.. T.@~..%8 > [100] DA 0E 7A 40 08 FE 12 93 B4 16 08 FF EF 55 D4 EF ..z@.... .....U.. > [110] D5 8C BA E6 9D 9C 21 2B 8F 8A AC 0A CE 04 C4 7A ......!+ .......z > [120] 0F 52 6C 9D E5 5E 8B 43 11 FF 8E 1E 1C 02 A4 CA .Rl..^.C ........ > [130] 0B 38 83 B6 1E 9A 1C 6E 40 44 50 5E 8D DD F0 67 .8.....n @DP^...g > [140] 5D AC 6B FB F3 5B B0 5F BA 86 9B C7 2C C0 6A C1 ].k..[._ ....,.j. > [150] 40 69 2D 00 AE 32 60 CE 95 DC C6 A3 E0 B5 19 CC @i-..2`. ........ > [160] 03 F5 49 1C 66 23 6F 80 86 44 06 00 00 01 00 00 ..I.f#o. .D...... > [170] 00 77 00 7A 00 FF FF 00 00 D1 12 C6 B6 22 2F FA .w.z.... ....."/. > [180] 30 03 4E 28 52 2F 65 B2 DA 5C 6B 37 85 4D 83 B4 0.N(R/e. .\k7.M.. > [190] A7 . >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=456 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 400 (0x190) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 400 (0x190) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=401 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 60 05 00 02 03 10 00 00 00 90 01 20 00 05 00 00 `....... ... .... > [010] 00 50 01 00 00 00 00 00 00 49 18 F8 D2 CC 2E 75 .P...... .I.....u > [020] 87 3F 65 AF 92 A8 45 82 64 B0 A2 25 34 F1 99 47 .?e...E. d..%4..G > [030] 9A 06 A1 2C 15 F2 0C 86 F8 11 A3 29 A6 9A 47 C3 ...,.... ...)..G. > [040] 85 7A CB 3F 29 9B 8B 38 B7 08 DE 92 E3 59 79 6D .z.?)..8 .....Yym > [050] C8 49 01 1C CF 44 E6 16 FC 47 F3 C2 4B 63 CD 7E .I...D.. .G..Kc.~ > [060] 56 AF 02 CB 04 C6 AF AC 55 94 40 C6 02 8F 4B 5A V....... U.@...KZ > [070] B4 22 83 3A B2 24 24 70 F7 C4 27 9A EA 45 D7 B8 .".:.$$p ..'..E.. > [080] BE 1E A9 78 61 A5 4C E9 66 3E 24 5F 14 87 12 72 ...xa.L. f>$_...r > [090] 85 C0 25 8F 71 CC 27 0B C8 4A 5B 6B 00 8E 6A E2 ..%.q.'. .J[k..j. > [0A0] C5 AB A6 09 C0 F4 4F 04 F4 05 93 AF 17 21 17 65 ......O. .....!.e > [0B0] 8C DD E6 66 0A F8 A4 99 D9 6B A0 D7 38 D5 1C 14 ...f.... .k..8... > [0C0] BF 99 E0 B6 2E 7A 15 9D 63 1F A5 B3 DB B1 DD 6F .....z.. c......o > [0D0] 57 0F 13 A3 38 4F 9C 39 CA 3F 82 A2 80 AC 26 C6 W...8O.9 .?....&. > [0E0] 88 B2 4A 39 5B 09 90 35 0A 81 DC C9 66 95 95 07 ..J9[..5 ....f... > [0F0] 13 3A A2 62 82 79 B4 C5 54 83 40 7E FE FB 25 38 .:.b.y.. T.@~..%8 > [100] DA 0E 7A 40 08 FE 12 93 B4 16 08 FF EF 55 D4 EF ..z@.... .....U.. > [110] D5 8C BA E6 9D 9C 21 2B 8F 8A AC 0A CE 04 C4 7A ......!+ .......z > [120] 0F 52 6C 9D E5 5E 8B 43 11 FF 8E 1E 1C 02 A4 CA .Rl..^.C ........ > [130] 0B 38 83 B6 1E 9A 1C 6E 40 44 50 5E 8D DD F0 67 .8.....n @DP^...g > [140] 5D AC 6B FB F3 5B B0 5F BA 86 9B C7 2C C0 6A C1 ].k..[._ ....,.j. > [150] 40 69 2D 00 AE 32 60 CE 95 DC C6 A3 E0 B5 19 CC @i-..2`. ........ > [160] 03 F5 49 1C 66 23 6F 80 86 44 06 00 00 01 00 00 ..I.f#o. .D...... > [170] 00 77 00 7A 00 FF FF 00 00 D1 12 C6 B6 22 2F FA .w.z.... ....."/. > [180] 30 03 4E 28 52 2F 65 B2 DA 5C 6B 37 85 4D 83 B4 0.N(R/e. .\k7.M.. > [190] A7 . >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0190 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0020 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000150 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000168 smb_io_rpc_hdr_auth hdr_auth >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0168 auth_type : 44 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0169 auth_level : 06 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 016a auth_pad_len : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 016b auth_reserved: 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 016c auth_context_id: 00000001 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000170 smb_io_rpc_auth_schannel_chk >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0170 sig : 77 00 7a 00 ff ff 00 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0178 seq_num: d1 12 c6 b6 22 2f fa 30 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0180 packet_digest: 03 4e 28 52 2f 65 b2 da >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0188 confounder: 5c 6b 37 85 4d 83 b4 a7 >[2006/11/08 12:11:56, 10] rpc_parse/parse_prs.c:schannel_decode(1710) > SCHANNEL: schannel_decode seq_num=1 data_len=336 >[2006/11/08 12:11:56, 10] rpc_parse/parse_prs.c:schannel_decode(1730) > SCHANNEL: schannel_decode seq_num=1 data_len=336 >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 400, data_len 336, ss_len 0 >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 400 at offset 0 >[2006/11/08 12:11:56, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x802 returned 672 bytes. >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_sam_logon >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 buffer_creds: 0019306c >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_cred >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_chal >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0004 data: dd ec 1e c2 d1 e3 e8 ef >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00000c smb_io_utime >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c time: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 switch_value: 0003 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 net_io_user_info3 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 ptr_user_info : 0015aed8 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time logon time >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : 6dc42ed0 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 01c70314 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time logoff time >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : ffffffff >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 7fffffff >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time kickoff time >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : ffffffff >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 7fffffff >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time last set time >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : e66ea200 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 01bb61e6 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_time can change time >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 low : e66ea200 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c high: 01bb61e6 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_time must change time >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 low : ffffffff >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 high: 7fffffff >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_user_name >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 00000000 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_full_name >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00000000 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_logon_script >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00000000 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_profile_path >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00000000 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_unihdr hdr_home_dir >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 uni_str_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a uni_max_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c buffer : 00000000 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000070 smb_io_unihdr hdr_dir_drive >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0070 uni_str_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0072 uni_max_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 buffer : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0078 logon_count : 0419 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 007a bad_pw_count : 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_rid : 0000040d >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 group_rid : 00000417 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0084 num_groups : 00000002 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 buffer_groups : 0015afa4 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 008c user_flgs : 00000120 >[2006/11/08 12:11:56, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS > account has LOGON_NTLMV2_ENABLED >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0090 user_sess_key: 7a 88 fb b2 3d bd 68 bf d4 dd a7 e2 76 67 c0 c7 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000a0 smb_io_unihdr hdr_logon_srv >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a0 uni_str_len: 000e >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a2 uni_max_len: 0010 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a4 buffer : 0015afcc >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000a8 smb_io_unihdr hdr_logon_dom >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a8 uni_str_len: 000c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00aa uni_max_len: 000e >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac buffer : 0015afdc >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 buffer_dom_id : 0015afb4 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00b4 lm_sess_key: 18 f1 a8 2d c1 41 9b d1 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc acct_flags : 00000000 >[2006/11/08 12:11:56, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc unkown: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 unkown: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 unkown: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 unkown: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc num_other_sids: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e0 buffer_other_sids: 00000000 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_user_name >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_full_name >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_logon_script >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_profile_path >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_home_dir >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_dir_drive >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e4 num_groups2 : 00000002 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e8 smb_io_gid >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e8 g_rid: 00000201 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ec attr : 00000007 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000f0 smb_io_gid >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 g_rid: 00000417 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 attr : 00000007 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000f8 smb_io_unistr2 uni_logon_srv >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 uni_max_len: 00000008 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 uni_str_len: 00000007 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0104 buffer : E.S.K.U.E.L.L. >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000112 smb_io_unistr2 uni_logon_dom >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0114 uni_max_len: 00000007 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c uni_str_len: 00000006 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0120 buffer : L.A.B.-.R.R. >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00012c smb_io_dom_sid2 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c num_auths: 00000004 >[2006/11/08 12:11:56, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000130 smb_io_dom_sid sid >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0130 sid_rev_num: 01 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0131 num_auths : 04 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0132 id_auth[0] : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0133 id_auth[1] : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0134 id_auth[2] : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0135 id_auth[3] : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0136 id_auth[4] : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0137 id_auth[5] : 05 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0138 sub_auths : 00000015 7b7e4147 61020126 26126b85 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0148 auth_resp : 402dc801 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 014c status : NT_STATUS_OK >[2006/11/08 12:11:56, 10] libsmb/credentials.c:creds_client_check(325) > creds_client_check: credentials check OK. >[2006/11/08 12:11:56, 10] passdb/secrets.c:secrets_named_mutex_release(791) > secrets_named_mutex: released mutex for ESKUELL >[2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user LAB-RR\wwwutz >[2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is lab-rr\wwwutz >[2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(82) > Trying _Get_Pwnam(), username as given is LAB-RR\wwwutz >[2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(92) > Trying _Get_Pwnam(), username as uppercase is LAB-RR\WWWUTZ >[2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(101) > Checking combinations of 0 uppercase letters in lab-rr\wwwutz >[2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(107) > Get_Pwnam_internals didn't find user [LAB-RR\wwwutz]! >[2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user wwwutz >[2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is wwwutz >[2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(107) > Get_Pwnam_internals did find user [wwwutz]! >[2006/11/08 12:11:56, 5] auth/auth_util.c:fill_sam_account(1532) > fill_sam_account: located username was [wwwutz] >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_username(533) > pdb_set_username: setting username wwwutz, was >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_fullname(602) > pdb_set_full_name: setting full name Peter Marquardt,R031,1430,, was >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_domain(556) > pdb_set_domain: setting domain WARTHOLE, was >[2006/11/08 12:11:56, 4] lib/substitute.c:automount_server(407) > Home server: warthole >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_profile_path(648) > pdb_set_profile_path: setting profile path \\warthole\wwwutz\profile, was >[2006/11/08 12:11:56, 4] lib/substitute.c:automount_server(407) > Home server: warthole >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_homedir(695) > pdb_set_homedir: setting home dir \\warthole\wwwutz, was >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(671) > pdb_set_dir_drive: setting dir drive , was NULL >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_logon_script(625) > pdb_set_logon_script: setting logon script , was >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_user_sid(462) > pdb_set_user_sid: setting user sid S-1-5-21-3841262117-2652492237-290310771-1260 >[2006/11/08 12:11:56, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3841262117-2652492237-290310771-1260 from rid 1260 >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_nt_username(579) > pdb_set_nt_username: setting nt username wwwutz, was >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_username(533) > pdb_set_username: setting username wwwutz, was wwwutz >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_domain(556) > pdb_set_domain: setting domain LAB-RR, was WARTHOLE >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_user_sid(462) > pdb_set_user_sid: setting user sid S-1-5-21-2071871815-1627521318-638741381-1037 >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_group_sid(520) > pdb_set_group_sid: setting group sid S-1-5-21-3841262117-2652492237-290310771-513 >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_fullname(602) > pdb_set_full_name: setting full name , was Peter Marquardt,R031,1430, >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_logon_script(625) > pdb_set_logon_script: setting logon script , was >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_profile_path(648) > pdb_set_profile_path: setting profile path , was \\warthole\wwwutz\profile >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_homedir(695) > pdb_set_homedir: setting home dir , was \\warthole\wwwutz >[2006/11/08 12:11:56, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(671) > pdb_set_dir_drive: setting dir drive , was >[2006/11/08 12:11:56, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(134) > netsamlogon_cache_store: SID [S-1-5-21-2071871815-1627521318-638741381-1037] >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 timestamp: 4551bb7c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000004 net_io_user_info3 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr_user_info : 0015aed8 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_time logon time >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 low : 6dc42ed0 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c high: 01c70314 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_time logoff time >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 low : ffffffff >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 high: 7fffffff >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time kickoff time >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : ffffffff >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 7fffffff >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time last set time >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : e66ea200 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 01bb61e6 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time can change time >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : e66ea200 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 01bb61e6 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time must change time >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : ffffffff >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 7fffffff >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_unihdr hdr_user_name >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 uni_str_len: 000e >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a uni_max_len: 000e >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c buffer : 00000001 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_unihdr hdr_full_name >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0040 uni_str_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0042 uni_max_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 buffer : 00000000 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_logon_script >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 00000000 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_profile_path >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00000000 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_home_dir >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00000000 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_dir_drive >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 logon_count : 0419 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a bad_pw_count : 0000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c user_rid : 0000040d >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 group_rid : 00000417 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 num_groups : 00000002 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 buffer_groups : 0015afa4 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_flgs : 00000120 >[2006/11/08 12:11:56, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS > account has LOGON_NTLMV2_ENABLED >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0080 user_sess_key: 09 94 83 62 f1 7d 25 a6 3b 56 b0 b6 7b 29 b5 d2 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000090 smb_io_unihdr hdr_logon_srv >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0090 uni_str_len: 000e >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0092 uni_max_len: 0010 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0094 buffer : 0015afcc >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000098 smb_io_unihdr hdr_logon_dom >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0098 uni_str_len: 000c >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009a uni_max_len: 000e >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 009c buffer : 0015afdc >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer_dom_id : 0015afb4 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00a4 lm_sess_key: 6b ed d0 fd 0d 81 d6 c8 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac acct_flags : 00000000 >[2006/11/08 12:11:56, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 unkown: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b4 unkown: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 unkown: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc unkown: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc num_other_sids: 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 buffer_other_sids: 00000000 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000d4 smb_io_unistr2 uni_user_name >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 uni_max_len: 00000007 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_str_len: 00000007 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e0 buffer : w.w.w.u.t.z... >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_full_name >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_logon_script >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_profile_path >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_home_dir >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_dir_drive >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 num_groups2 : 00000002 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000f4 smb_io_gid >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 g_rid: 00000201 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 attr : 00000007 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000fc smb_io_gid >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc g_rid: 00000417 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 attr : 00000007 >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000104 smb_io_unistr2 uni_logon_srv >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0104 uni_max_len: 00000008 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0108 offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 010c uni_str_len: 00000007 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0110 buffer : E.S.K.U.E.L.L. >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00011e smb_io_unistr2 uni_logon_dom >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 uni_max_len: 00000007 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 offset : 00000000 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 uni_str_len: 00000006 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 012c buffer : L.A.B.-.R.R. >[2006/11/08 12:11:56, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000138 smb_io_dom_sid2 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 num_auths: 00000004 >[2006/11/08 12:11:56, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00013c smb_io_dom_sid sid >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013c sid_rev_num: 01 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013d num_auths : 04 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013e id_auth[0] : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013f id_auth[1] : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0140 id_auth[2] : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0141 id_auth[3] : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0142 id_auth[4] : 00 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0143 id_auth[5] : 05 >[2006/11/08 12:11:56, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0144 sub_auths : 00000015 7b7e4147 61020126 26126b85 >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,45) >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,45) wrote 45 >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=13 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:56, 10] libsmb/clientgen.c:cli_rpc_pipe_close(383) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine ESKUELL >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,39) >[2006/11/08 12:11:56, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,39) wrote 39 >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=2052 > smb_pid=16040 > smb_uid=4096 > smb_mid=14 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:56, 3] auth/auth.c:check_ntlm_password(269) > check_ntlm_password: winbind authentication for user [wwwutz] succeeded >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 5] auth/auth.c:check_ntlm_password(295) > check_ntlm_password: PAM Account for user [wwwutz] succeeded >[2006/11/08 12:11:56, 2] auth/auth.c:check_ntlm_password(304) > check_ntlm_password: authentication for user [wwwutz] -> [wwwutz] -> [wwwutz] succeeded >[2006/11/08 12:11:56, 5] auth/auth_util.c:free_user_info(1866) > attempting to free (and zero) a user_info structure >[2006/11/08 12:11:56, 10] auth/auth_util.c:free_user_info(1869) > structure was created for wwwutz >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\wwwutz => WARTHOLE (domain), wwwutz (name) >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:56, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) > getsampwnam (smbpasswd): search by name: wwwutz >[2006/11/08 12:11:56, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd >[2006/11/08 12:11:56, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) > getsmbfilepwent: end of file reached. >[2006/11/08 12:11:56, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix User\wwwutz => Unix User (domain), wwwutz (name) >[2006/11/08 12:11:56, 10] lib/util_pw.c:getpwnam_alloc(76) > Got wwwutz from pwnam_cache >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_uid(1209) > sid_to_uid: S-1-22-1-130 -> 130 >[2006/11/08 12:11:56, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [wwwutz] >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 15 -> S-1-22-2-15 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 12003 -> S-1-22-2-12003 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 121 -> S-1-22-2-121 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 20 -> S-1-22-2-20 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 209 -> S-1-22-2-209 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 263 -> S-1-22-2-263 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 219 -> S-1-22-2-219 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 352 -> S-1-22-2-352 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 0 -> S-1-22-2-0 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 257 -> S-1-22-2-257 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 1000 -> S-1-22-2-1000 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 369 -> S-1-22-2-369 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 154 -> S-1-22-2-154 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 400 -> S-1-22-2-400 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 5000 -> S-1-22-2-5000 >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-1-130] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-15] >[2006/11/08 12:11:56, 5] lib/privileges.c:get_privileges_for_sids(458) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-12003] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-121] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-20] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-209] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-263] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-219] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-352] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-0] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-257] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-1000] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-369] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-154] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-400] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-5000] >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-15 -> 15 >[2006/11/08 12:11:56, 10] auth/auth_util.c:create_local_token(1022) > Could not convert SID S-1-1-0 to gid, ignoring it >[2006/11/08 12:11:56, 10] auth/auth_util.c:create_local_token(1022) > Could not convert SID S-1-5-2 to gid, ignoring it >[2006/11/08 12:11:56, 10] auth/auth_util.c:create_local_token(1022) > Could not convert SID S-1-5-11 to gid, ignoring it >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-12003 -> 12003 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-121 -> 121 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-20 -> 20 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-209 -> 209 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-263 -> 263 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-219 -> 219 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-352 -> 352 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-0 -> 0 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-257 -> 257 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-1000 -> 1000 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-369 -> 369 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-154 -> 154 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-400 -> 400 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-5000 -> 5000 >[2006/11/08 12:11:56, 10] auth/auth_util.c:debug_nt_user_token(452) > NT user token of user S-1-22-1-130 > contains 19 SIDs > SID[ 0]: S-1-22-1-130 > SID[ 1]: S-1-22-2-15 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-12003 > SID[ 6]: S-1-22-2-121 > SID[ 7]: S-1-22-2-20 > SID[ 8]: S-1-22-2-209 > SID[ 9]: S-1-22-2-263 > SID[ 10]: S-1-22-2-219 > SID[ 11]: S-1-22-2-352 > SID[ 12]: S-1-22-2-0 > SID[ 13]: S-1-22-2-257 > SID[ 14]: S-1-22-2-1000 > SID[ 15]: S-1-22-2-369 > SID[ 16]: S-1-22-2-154 > SID[ 17]: S-1-22-2-400 > SID[ 18]: S-1-22-2-5000 > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:56, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(132) > Got NT session key of length 16 >[2006/11/08 12:11:56, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(139) > Got LM session key of length 8 >[2006/11/08 12:11:56, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(738) > ntlmssp_server_auth: Created NTLM2 session key. >[2006/11/08 12:11:56, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) > NTLMSSP Sign/Seal - Initialising with flags: >[2006/11/08 12:11:56, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0xe0088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >[2006/11/08 12:11:56, 10] smbd/password.c:register_vuid(185) > register_vuid: allocated vuid = 101 >[2006/11/08 12:11:56, 10] lib/util_pw.c:getpwnam_alloc(76) > Got wwwutz from pwnam_cache >[2006/11/08 12:11:56, 10] smbd/password.c:register_vuid(273) > register_vuid: (130,15) wwwutz wwwutz LAB-RR guest=0 >[2006/11/08 12:11:56, 3] smbd/password.c:register_vuid(279) > User name: wwwutz Real name: >[2006/11/08 12:11:56, 3] smbd/password.c:register_vuid(300) > UNIX uid 130 is UNIX user wwwutz, and will be vuid 101 >[2006/11/08 12:11:56, 7] param/loadparm.c:lp_servicenumber(5112) > lp_servicenumber: couldn't find wwwutz >[2006/11/08 12:11:56, 3] smbd/password.c:register_vuid(330) > Adding homes service for user 'wwwutz' using home directory: '/home/wwwutz' >[2006/11/08 12:11:56, 8] param/loadparm.c:add_a_service(2494) > add_a_service: Creating snum = 346 for wwwutz >[2006/11/08 12:11:56, 10] param/loadparm.c:hash_a_service(2541) > hash_a_service: hashing index 346 for service name wwwutz >[2006/11/08 12:11:56, 3] param/loadparm.c:lp_add_home(2587) > adding home's share [wwwutz] for user 'wwwutz' at '/home/wwwutz' >[2006/11/08 12:11:56, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 > > file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006 > >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=104 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=20480 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=61 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [020] 00 2E 00 30 00 2E 00 32 00 33 00 63 00 00 00 4C ...0...2 .3.c...L > [030] 00 41 00 42 00 2D 00 52 00 52 00 00 00 .A.B.-.R .R... >[2006/11/08 12:11:56, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: 60 >[2006/11/08 12:11:56, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 96 >[2006/11/08 12:11:56, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x60 >[2006/11/08 12:11:56, 3] smbd/process.c:process_smb(1110) > Transaction 3 of length 100 >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:56, 5] lib/util.c:show_msg(481) > size=96 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=20544 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=53 >[2006/11/08 12:11:56, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 5C 00 57 00 41 00 52 00 54 00 48 00 4F .\.\.W.A .R.T.H.O > [010] 00 4C 00 45 00 5C 00 4D 00 41 00 4D 00 45 00 50 .L.E.\.M .A.M.E.P > [020] 00 49 00 4D 00 41 00 47 00 45 00 53 00 00 00 3F .I.M.A.G .E.S...? > [030] 3F 3F 3F 3F 00 ????. >[2006/11/08 12:11:56, 3] smbd/process.c:switch_message(914) > switch message SMBtconX (pid 16040) conn 0x0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:56, 5] smbd/uid.c:change_to_root_user(274) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/11/08 12:11:56, 4] smbd/reply.c:reply_tcon_and_X(668) > Client requested device type [?????] for share [MAMEPIMAGES] >[2006/11/08 12:11:56, 5] smbd/service.c:make_connection(1116) > making a connection to 'normal' service mamepimages >[2006/11/08 12:11:56, 10] smbd/share_access.c:user_ok_token(224) > user_ok_token: share mamepimages is ok for unix user wwwutz >[2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user wwwutz >[2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is wwwutz >[2006/11/08 12:11:56, 10] lib/util_pw.c:getpwnam_alloc(76) > Got wwwutz from pwnam_cache >[2006/11/08 12:11:56, 5] lib/username.c:Get_Pwnam_internals(107) > Get_Pwnam_internals did find user [wwwutz]! >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name) >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:56, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) > getsampwnam (smbpasswd): search by name: imgdata >[2006/11/08 12:11:56, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd >[2006/11/08 12:11:56, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) > getsmbfilepwent: end of file reached. >[2006/11/08 12:11:56, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name) >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_uid(1209) > sid_to_uid: S-1-22-1-1087 -> 1087 >[2006/11/08 12:11:56, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [imgdata] >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 372 -> S-1-22-2-372 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 392 -> S-1-22-2-392 >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-1-1087] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-372] >[2006/11/08 12:11:56, 5] lib/privileges.c:get_privileges_for_sids(458) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-392] >[2006/11/08 12:11:56, 3] smbd/service.c:make_connection_snum(672) > Forced user imgdata >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\abt_her => WARTHOLE (domain), abt_her (name) >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix Group\abt_her => Unix Group (domain), abt_her (name) >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-9000 -> 9000 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name) >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:56, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) > getsampwnam (smbpasswd): search by name: imgdata >[2006/11/08 12:11:56, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd >[2006/11/08 12:11:56, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) > getsmbfilepwent: end of file reached. >[2006/11/08 12:11:56, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name) >[2006/11/08 12:11:56, 10] lib/util_pw.c:getpwnam_alloc(76) > Got imgdata from pwnam_cache >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:sid_to_uid(1209) > sid_to_uid: S-1-22-1-1087 -> 1087 >[2006/11/08 12:11:56, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [imgdata] >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:56, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:56, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 372 -> S-1-22-2-372 >[2006/11/08 12:11:56, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 392 -> S-1-22-2-392 >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-1-1087] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-372] >[2006/11/08 12:11:56, 5] lib/privileges.c:get_privileges_for_sids(458) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2006/11/08 12:11:56, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-392] >[2006/11/08 12:11:56, 10] smbd/service.c:make_connection_snum(736) > Could not convert SID S-1-22-1-1087 to gid, ignoring it >[2006/11/08 12:11:56, 0] lib/util_str.c:safe_strcat_fn(636) > ERROR: string overflow by 7 in safe_strcat [-1802264934] >[2006/11/08 12:11:56, 0] lib/util_str.c:safe_strcat_fn(636) > ERROR: string overflow by 11 in safe_strcat [-1651269932] >[2006/11/08 12:11:56, 0] lib/util_str.c:safe_strcat_fn(636) > ERROR: string overflow by 10 in safe_strcat [-745763429] >[2006/11/08 12:11:56, 0] lib/util_str.c:safe_strcat_fn(636) > ERROR: string overflow by 11 in safe_strcat [-1851880033] >[2006/11/08 12:11:56, 0] lib/util_str.c:safe_strcat_fn(636) > ERROR: string overflow by 11 in safe_strcat [-1680630116] >[2006/11/08 12:11:56, 0] lib/util_str.c:safe_strcat_fn(636) > ERROR: string overflow by 11 in safe_strcat [-1702061423] >[2006/11/08 12:11:56, 0] lib/util_str.c:safe_strcat_fn(636) > ERROR: string overflow by 11 in safe_strcat [-2003053682] >[2006/11/08 12:11:57, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 > > file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006 > >[2006/11/08 12:11:57, 5] auth/auth_util.c:make_user_info_map(160) > make_user_info_map: Mapping user [lab-rr]\[wwwutz] from workstation [WALDI] >[2006/11/08 12:11:57, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = TDOMCACHE/TIMESTAMP, value = 1162983779, timeout = Wed Nov 8 12:12:59 2006 >[2006/11/08 12:11:57, 10] libsmb/trustdom_cache.c:update_trustdom_cache(326) > update_trustdom_cache: not time to update trustdom_cache yet >[2006/11/08 12:11:57, 10] lib/gencache.c:gencache_get(312) > Cache entry with key = TDOM/LAB-RR couldn't be found >[2006/11/08 12:11:57, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) > no entry for trusted domain lab-rr found. >[2006/11/08 12:11:57, 5] auth/auth_util.c:make_user_info(75) > attempting to make a user_info for wwwutz (wwwutz) >[2006/11/08 12:11:57, 5] auth/auth_util.c:make_user_info(85) > making strings for wwwutz's user_info struct >[2006/11/08 12:11:57, 5] auth/auth_util.c:make_user_info(117) > making blobs for wwwutz's user_info struct >[2006/11/08 12:11:57, 10] auth/auth_util.c:make_user_info(135) > made an encrypted user_info for wwwutz (wwwutz) >[2006/11/08 12:11:57, 3] auth/auth.c:check_ntlm_password(220) > check_ntlm_password: Checking password for unmapped user [lab-rr]\[wwwutz]@[WALDI] with the new password interface >[2006/11/08 12:11:57, 3] auth/auth.c:check_ntlm_password(223) > check_ntlm_password: mapped user is: [LAB-RR]\[wwwutz]@[WALDI] >[2006/11/08 12:11:57, 10] auth/auth.c:check_ntlm_password(232) > check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >[2006/11/08 12:11:57, 10] auth/auth.c:check_ntlm_password(235) > challenge is: >[2006/11/08 12:11:57, 5] lib/util.c:dump_data(2215) > [000] 33 43 A6 A4 83 99 C3 27 3C.....' >[2006/11/08 12:11:57, 10] auth/auth.c:check_ntlm_password(261) > check_ntlm_password: guest had nothing to say >[2006/11/08 12:11:57, 8] lib/util.c:is_myname(2036) > is_myname("LAB-RR") returns 0 >[2006/11/08 12:11:57, 6] auth/auth_sam.c:check_samstrict_security(412) > check_samstrict_security: LAB-RR is not one of my local names (ROLE_DOMAIN_MEMBER) >[2006/11/08 12:11:57, 10] auth/auth.c:check_ntlm_password(261) > check_ntlm_password: sam had nothing to say >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 8] libsmb/namequery.c:get_sorted_dc_list(1550) > get_sorted_dc_list: attempting lookup using [lmhosts wins host bcast] >[2006/11/08 12:11:57, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = SAF/DOMAIN/LAB-RR, value = ESKUELL, timeout = Wed Nov 8 12:26:56 2006 >[2006/11/08 12:11:57, 5] libsmb/namequery.c:saf_fetch(107) > saf_fetch: Returning "ESKUELL" for "LAB-RR" domain >[2006/11/08 12:11:57, 3] libsmb/namequery.c:get_dc_list(1426) > get_dc_list: preferred server list: "ESKUELL, *" >[2006/11/08 12:11:57, 10] libsmb/namequery.c:internal_resolve_name(1132) > internal_resolve_name: looking up LAB-RR#1c >[2006/11/08 12:11:57, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = NBT/LAB-RR#1C, value = 141.14.16.97:0,141.14.17.120:0,141.14.17.130:0,141.14.19.244:0, timeout = Wed Nov 8 12:13:59 2006 >[2006/11/08 12:11:57, 5] libsmb/namecache.c:namecache_fetch(201) > name LAB-RR#1C found. >[2006/11/08 12:11:57, 8] libsmb/namequery.c:get_dc_list(1441) > Adding 4 DC's from auto lookup >[2006/11/08 12:11:57, 10] libsmb/namequery.c:internal_resolve_name(1132) > internal_resolve_name: looking up ESKUELL#20 >[2006/11/08 12:11:57, 10] lib/gencache.c:gencache_get(285) > Returning valid cache entry: key = NBT/ESKUELL#20, value = 141.14.16.97:0, timeout = Wed Nov 8 12:13:59 2006 >[2006/11/08 12:11:57, 5] libsmb/namecache.c:namecache_fetch(201) > name ESKUELL#20 found. >[2006/11/08 12:11:57, 10] libsmb/namequery.c:remove_duplicate_addrs2(408) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2006/11/08 12:11:57, 4] libsmb/namequery.c:get_dc_list(1528) > get_dc_list: returning 4 ip addresses in an ordered list >[2006/11/08 12:11:57, 4] libsmb/namequery.c:get_dc_list(1530) > get_dc_list: 141.14.16.97:0 141.14.17.120:0 141.14.17.130:0 141.14.19.244:0 >[2006/11/08 12:11:57, 10] libsmb/namequery.c:name_status_find(275) > name_status_find: looking up LAB-RR#1c at 141.14.16.97 >[2006/11/08 12:11:57, 10] lib/gencache.c:gencache_get(312) > Cache entry with key = NBT/LAB-RR#1C.20.141.14.16.97 couldn't be found >[2006/11/08 12:11:57, 5] libsmb/namecache.c:namecache_status_fetch(308) > namecache_status_fetch: no entry for NBT/LAB-RR#1C.20.141.14.16.97 found. >[2006/11/08 12:11:57, 10] lib/gencache.c:gencache_del(218) > Deleting cache entry (key = NBT/LAB-RR#1C.20.141.14.16.97) >[2006/11/08 12:11:57, 10] lib/util_sock.c:open_socket_in(839) > bind succeeded on port 0 >[2006/11/08 12:11:57, 5] libsmb/nmblib.c:send_udp(776) > Sending a packet of len 50 to (141.14.16.97) on port 137 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_udp_socket(293) > read_udp_socket: lastip 141.14.16.97 lastport 137 read: 301 >[2006/11/08 12:11:57, 10] libsmb/nmblib.c:parse_nmb(506) > parse_nmb: packet id = 1426 >[2006/11/08 12:11:57, 5] libsmb/nmblib.c:read_packet(754) > Received a packet of len 301 from (141.14.16.97) port 137 >[2006/11/08 12:11:57, 4] libsmb/nmblib.c:debug_nmb_packet(112) > nmb packet from 141.14.16.97(137) header: id=1426 opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=LAB-RR<1c> rr_type=33 rr_class=1 ttl=0 > answers 0 char .ESKUELL hex 0A45534B55454C4C2020202020202020 > answers 10 char .D.LAB-RR hex 0044004C41422D525220202020202020 > answers 20 char ...LAB-RR hex 202000C4004C41422D52522020202020 > answers 30 char ...ESKUELL hex 202020201CC40045534B55454C4C2020 > answers 40 char D.LAB-RR hex 2020202020202044004C41422D525220 > answers 50 char .D.ESKUE hex 20202020202020201B440045534B5545 > answers 60 char LL .D.ADM hex 4C4C202020202020202003440041444D > answers 70 char INISTRATOR .D.L hex 494E4953545241544F5220200344004C > answers 80 char AB-RR .. hex 41422D52522020202020202020201EC4 > answers 90 char .LAB-RR hex 004C41422D5252202020202020202020 > answers a0 char .D...__MSBROWSE_ hex 1D440001025F5F4D5342524F5753455F > answers b0 char _........]...... hex 5F0201C4000000F8025D840000000000 > answers c0 char ................ hex 00000000000000000000000000000000 > answers d0 char ................ hex 00000000000000000000000000000000 > answers e0 char ... hex 000000 >[2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) > ESKUELL#00: flags = 0x44 >[2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#00: flags = 0xc4 >[2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1c: flags = 0xc4 >[2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) > ESKUELL#20: flags = 0x44 >[2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1b: flags = 0x44 >[2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) > ESKUELL#03: flags = 0x44 >[2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) > ADMINISTRATOR#03: flags = 0x44 >[2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1e: flags = 0xc4 >[2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) > LAB-RR#1d: flags = 0x44 >[2006/11/08 12:11:57, 10] libsmb/namequery.c:parse_node_status(157) > __MSBROWSE__#01: flags = 0xc4 >[2006/11/08 12:11:57, 10] libsmb/namequery.c:name_status_find(315) > name_status_find: name found, name ESKUELL ip address is 141.14.16.97 >[2006/11/08 12:11:57, 3] libsmb/namequery_dc.c:rpc_dc_name(116) > rpc_dc_name: Returning DC ESKUELL (141.14.16.97) for domain LAB-RR >[2006/11/08 12:11:57, 10] passdb/secrets.c:secrets_named_mutex(779) > secrets_named_mutex: got mutex for ESKUELL >[2006/11/08 12:11:57, 3] libsmb/cliconnect.c:cli_start_connection(1417) > Connecting to host=ESKUELL >[2006/11/08 12:11:57, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 141.14.16.97 at port 445 >[2006/11/08 12:11:57, 2] lib/util_sock.c:open_socket_out(910) > error connecting to 141.14.16.97:445 (Connection refused) >[2006/11/08 12:11:57, 3] lib/util_sock.c:open_socket_out(874) > Connecting to 141.14.16.97 at port 139 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 0 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 0 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 4 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 8 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEPORT = 0 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 33580 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 33580 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1460 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2006/11/08 12:11:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,72) >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,72) wrote 72 >[2006/11/08 12:11:57, 5] libsmb/cliconnect.c:cli_session_request(1262) > Sent session request >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 0 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=0 > smb_com=0x0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=0 > smb_flg2=0 > smb_tid=0 > smb_pid=0 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,183) >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,183) wrote 183 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 91 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=91 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=2695 > smb_uid=0 > smb_mid=2 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=65283 (0xFF03) > smb_vwv[ 2]= 257 (0x101) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 17 (0x11) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 67 (0x43) > smb_vwv[11]=36864 (0x9000) > smb_vwv[12]=32442 (0x7EBA) > smb_vwv[13]= 9950 (0x26DE) > smb_vwv[14]=50947 (0xC703) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 2303 (0x8FF) > smb_bcc=22 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 8A AD 22 1A 51 E8 30 4E 4C 00 41 00 42 00 2D 00 ..".Q.0N L.A.B.-. > [010] 52 00 52 00 00 00 R.R... >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=91 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=2695 > smb_uid=0 > smb_mid=2 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=65283 (0xFF03) > smb_vwv[ 2]= 257 (0x101) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 17 (0x11) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 67 (0x43) > smb_vwv[11]=36864 (0x9000) > smb_vwv[12]=32442 (0x7EBA) > smb_vwv[13]= 9950 (0x26DE) > smb_vwv[14]=50947 (0xC703) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 2303 (0x8FF) > smb_bcc=22 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 8A AD 22 1A 51 E8 30 4E 4C 00 41 00 42 00 2D 00 ..".Q.0N L.A.B.-. > [010] 52 00 52 00 00 00 R.R... >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,92) >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,92) wrote 92 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=2695 > smb_uid=22528 > smb_mid=3 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 124 (0x7C) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=83 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N > [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a > [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. > [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R > [050] 00 00 00 ... >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=2695 > smb_uid=22528 > smb_mid=3 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 124 (0x7C) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=83 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. > [010] 00 4E 00 54 00 20 00 34 00 2E 00 30 00 00 00 4E .N.T. .4 ...0...N > [020] 00 54 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 61 .T. .L.A .N. .M.a > [030] 00 6E 00 61 00 67 00 65 00 72 00 20 00 34 00 2E .n.a.g.e .r. .4.. > [040] 00 30 00 00 00 4C 00 41 00 42 00 2D 00 52 00 52 .0...L.A .B.-.R.R > [050] 00 00 00 ... >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,82) >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,82) wrote 82 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 48 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=4 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 49 50 43 00 00 00 00 IPC.... >[2006/11/08 12:11:57, 10] libsmb/clientgen.c:cli_init_creds(233) > cli_init_creds: user domain >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,108) >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,108) wrote 108 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=5 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 1024 (0x400) > smb_vwv[ 3]= 288 (0x120) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2040) > Bind RPC Pipe[2004]: \NETLOGON auth_type 0, auth_level 0 >[2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. > [010] 01 00 00 00 .... >[2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0048 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 12345678 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1234 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : abcd >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : ef 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 01 23 45 67 cf fb >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000001 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x2004 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8196 (0x2004) > smb_bcc=87 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,158) >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,158) wrote 158 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 124 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... > [010] 00 B8 10 B8 10 3B 79 06 00 0C 00 5C 50 49 50 45 .....;y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 82 64 01 00 00 00 00 00 00 \lsass.. d....... > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... > [010] 00 B8 10 B8 10 3B 79 06 00 0C 00 5C 50 49 50 45 .....;y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 82 64 01 00 00 00 00 00 00 \lsass.. d....... > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 68 at offset 0 >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x2004 returned 68 bytes. >[2006/11/08 12:11:57, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2077) > rpc_pipe_bind: Remote machine ESKUELL pipe \NETLOGON fnum 0x2004 bind request returned ok. >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0044 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000001 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 0006793b >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(2270) > cli_rpc_pipe_open_noauth: opened pipe \NETLOGON to machine ESKUELL and bound anonymously. >[2006/11/08 12:11:57, 4] passdb/secrets.c:secrets_fetch_trust_account_password(285) > Using cleartext machine password >[2006/11/08 12:11:57, 4] rpc_client/cli_netlogon.c:rpccli_net_req_chal(45) > cli_net_req_chal: LSA Request Challenge from WARTHOLE to \\ESKUELL >[2006/11/08 12:11:57, 5] rpc_parse/parse_net.c:init_q_req_chal(679) > init_q_req_chal: 679 >[2006/11/08 12:11:57, 5] rpc_parse/parse_net.c:init_q_req_chal(688) > init_q_req_chal: 688 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_req_chal >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer: 00000001 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.E.S.K.U.E.L.L... >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unistr2 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_max_len: 00000009 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_str_len: 00000009 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0030 buffer : W.A.R.T.H.O.L.E... >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000042 smb_io_chal >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0042 data: c5 7c 72 c1 dc 3c 44 33 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0062 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000004a >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0004 >[2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x2004 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 98 (0x62) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 98 (0x62) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8196 (0x2004) > smb_bcc=113 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 62 00 00 00 02 00 00 00 4A .......b .......J > [020] 00 00 00 00 00 04 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 45 00 53 00 4B .......\ .\.E.S.K > [040] 00 55 00 45 00 4C 00 4C 00 00 00 09 00 00 00 00 .U.E.L.L ........ > [050] 00 00 00 09 00 00 00 57 00 41 00 52 00 54 00 48 .......W .A.R.T.H > [060] 00 4F 00 4C 00 45 00 00 00 C5 7C 72 C1 DC 3C 44 .O.L.E.. ..|r..<D > [070] 33 3 >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,184) >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,184) wrote 184 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 92 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 62 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 b....... .$...... > [010] 00 0C 00 00 00 00 00 00 00 2F A6 E0 7C 90 01 00 ........ ./..|... > [020] 00 00 00 00 00 ..... >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 62 05 00 02 03 10 00 00 00 24 00 00 00 02 00 00 b....... .$...... > [010] 00 0C 00 00 00 00 00 00 00 2F A6 E0 7C 90 01 00 ........ ./..|... > [020] 00 00 00 00 00 ..... >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0024 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000002 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000000c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 36 at offset 0 >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x2004 returned 24 bytes. >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_req_chal >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0000 data: 2f a6 e0 7c 90 01 00 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0008 status: NT_STATUS_OK >[2006/11/08 12:11:57, 10] libsmb/credentials.c:creds_client_init(286) > creds_client_init: neg_flags : 400701ff >[2006/11/08 12:11:57, 10] libsmb/credentials.c:creds_client_init(287) > creds_client_init: client chal : C57C72C1DC3C4433 >[2006/11/08 12:11:57, 10] libsmb/credentials.c:creds_client_init(288) > creds_client_init: server chal : 2FA6E07C90010000 >[2006/11/08 12:11:57, 5] libsmb/credentials.c:creds_init_64(117) > creds_init_64 >[2006/11/08 12:11:57, 5] libsmb/credentials.c:creds_init_64(118) > clnt_chal_in: C57C72C1DC3C4433 >[2006/11/08 12:11:57, 5] libsmb/credentials.c:creds_init_64(119) > srv_chal_in : 2FA6E07C90010000 >[2006/11/08 12:11:57, 5] libsmb/credentials.c:creds_init_64(120) > clnt+srv : F422533E6C3E4433 >[2006/11/08 12:11:57, 5] libsmb/credentials.c:creds_init_64(121) > sess_key_out : 52590F299F3B3EA8 >[2006/11/08 12:11:57, 10] libsmb/credentials.c:creds_client_init(306) > creds_client_init: clnt : 79922C0633B8D037 >[2006/11/08 12:11:57, 10] libsmb/credentials.c:creds_client_init(307) > creds_client_init: server : 647B5D62AC808982 >[2006/11/08 12:11:57, 10] libsmb/credentials.c:creds_client_init(308) > creds_client_init: seed : 79922C0633B8D037 >[2006/11/08 12:11:57, 4] rpc_client/cli_netlogon.c:rpccli_net_auth2(168) > cli_net_auth2: srv:\\ESKUELL acct:WARTHOLE$ sc:2 mc: WARTHOLE neg: 400701ff >[2006/11/08 12:11:57, 5] rpc_parse/parse_net.c:init_q_auth_2(800) > init_q_auth_2: 800 >[2006/11/08 12:11:57, 5] rpc_parse/parse_misc.c:init_log_info(1409) > make_log_info 1409 >[2006/11/08 12:11:57, 5] rpc_parse/parse_net.c:init_q_auth_2(806) > init_q_auth_2: 806 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_auth_2 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_log_info >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer: 00000001 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.E.S.K.U.E.L.L... >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_unistr2 unistr2 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 uni_max_len: 0000000a >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c uni_str_len: 0000000a >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0030 buffer : W.A.R.T.H.O.L.E.$... >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0044 sec_chan: 0002 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000046 smb_io_unistr2 unistr2 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 uni_max_len: 00000009 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 uni_str_len: 00000009 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0054 buffer : W.A.R.T.H.O.L.E... >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000066 smb_io_chal >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0066 data: 79 92 2c 06 33 b8 d0 37 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00006e net_io_neg_flags >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 neg_flags: 400701ff >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 008c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000074 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 000f >[2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x2004 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=222 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 140 (0x8C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 140 (0x8C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8196 (0x2004) > smb_bcc=155 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 8C 00 00 00 03 00 00 00 74 ........ .......t > [020] 00 00 00 00 00 0F 00 01 00 00 00 0A 00 00 00 00 ........ ........ > [030] 00 00 00 0A 00 00 00 5C 00 5C 00 45 00 53 00 4B .......\ .\.E.S.K > [040] 00 55 00 45 00 4C 00 4C 00 00 00 0A 00 00 00 00 .U.E.L.L ........ > [050] 00 00 00 0A 00 00 00 57 00 41 00 52 00 54 00 48 .......W .A.R.T.H > [060] 00 4F 00 4C 00 45 00 24 00 00 00 02 00 00 00 09 .O.L.E.$ ........ > [070] 00 00 00 00 00 00 00 09 00 00 00 57 00 41 00 52 ........ ...W.A.R > [080] 00 54 00 48 00 4F 00 4C 00 45 00 00 00 79 92 2C .T.H.O.L .E...y., > [090] 06 33 B8 D0 37 00 00 FF 01 07 40 .3..7... ..@ >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,226) >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,226) wrote 226 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 96 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 8C 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 64 7B 5D 62 AC 80 89 ........ .d{]b... > [020] 82 FF 01 00 40 00 00 00 00 ....@... . >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 8C 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 64 7B 5D 62 AC 80 89 ........ .d{]b... > [020] 82 FF 01 00 40 00 00 00 00 ....@... . >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0028 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000003 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000010 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 40 at offset 0 >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x2004 returned 32 bytes. >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_auth_2 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0000 data: 64 7b 5d 62 ac 80 89 82 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 net_io_neg_flags >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 neg_flags: 400001ff >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 000c status: NT_STATUS_OK >[2006/11/08 12:11:57, 10] libsmb/credentials.c:creds_client_check(325) > creds_client_check: credentials check OK. >[2006/11/08 12:11:57, 5] rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(344) > rpccli_netlogon_setup_creds: server ESKUELL credential chain established. >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,108) >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,108) wrote 108 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 103 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=9 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 103 (0x67) > smb_vwv[ 2]= 1280 (0x500) > smb_vwv[ 3]= 288 (0x120) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 16 (0x10) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:rpc_pipe_bind(2040) > Bind RPC Pipe[2005]: \NETLOGON auth_type 2, auth_level 6 >[2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1647) > Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. > [010] 01 00 00 00 .... >[2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:valid_pipe_name(1650) > Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [010] 02 00 00 00 .... >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_auth_schannel_neg schannel_neg >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 type1: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 type2: 00000003 >[2006/11/08 12:11:57, 6] lib/util.c:dump_data(2215) > [000] 4C 41 42 2D 52 52 LAB-RR >[2006/11/08 12:11:57, 6] lib/util.c:dump_data(2215) > [000] 57 41 52 54 48 4F 4C 45 WARTHOLE >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0b >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0068 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0018 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_rb >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0018 num_contexts: 01 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001c context_id : 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001e num_transfer_syntaxes: 01 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00001f smb_io_rpc_iface >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 data : 12345678 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0024 data : 1234 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0026 data : abcd >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0028 data : ef 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 002a data : 01 23 45 67 cf fb >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 version: 00000001 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_rpc_iface >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_uuid uuid >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 data : 8a885d04 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 data : 1ceb >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a data : 11c9 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003c data : 9f e8 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003e data : 08 00 2b 10 48 60 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 version: 00000002 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_rpc_hdr_auth hdr_auth >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0048 auth_type : 44 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0049 auth_level : 06 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004a auth_pad_len : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004b auth_reserved: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c auth_context_id: 00000001 >[2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x2005 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=186 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=10 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 104 (0x68) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8197 (0x2005) > smb_bcc=119 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 68 00 18 00 04 00 00 00 B8 .......h ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ > [060] 00 00 00 03 00 00 00 4C 41 42 2D 52 52 00 57 41 .......L AB-RR.WA > [070] 52 54 48 4F 4C 45 00 RTHOLE. >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,190) >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,190) wrote 190 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 144 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 68 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 h....... .X...... > [010] 00 B8 10 B8 10 3C 79 06 00 0C 00 5C 50 49 50 45 .....<y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 6B 03 80 ......k. . >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 88 (0x58) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=89 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 68 05 00 0C 03 10 00 00 00 58 00 0C 00 04 00 00 h....... .X...... > [010] 00 B8 10 B8 10 3C 79 06 00 0C 00 5C 50 49 50 45 .....<y. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ > [050] 00 00 00 00 00 00 6B 03 80 ......k. . >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0058 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 000c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 88 at offset 0 >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x2005 returned 88 bytes. >[2006/11/08 12:11:57, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2077) > rpc_pipe_bind: Remote machine ESKUELL pipe \NETLOGON fnum 0x2005 bind request returned ok. >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 0c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0058 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 000c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000004 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_ba >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_bba >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 max_tsize: 10b8 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0012 max_rsize: 10b8 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 assoc_gid: 0006793c >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_addr_str >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0018 len: 000c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 001a str: \PIPE\lsass. >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000026 smb_io_rpc_results >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 num_results: 01 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002c result : 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002e reason : 0000 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_rpc_iface >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_uuid uuid >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 data : 8a885d04 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0034 data : 1ceb >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0036 data : 11c9 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0038 data : 9f e8 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 003a data : 08 00 2b 10 48 60 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 version: 00000002 >[2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:check_bind_response(1701) > check_bind_response: accepted! >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel_with_key(2534) > cli_rpc_pipe_open_schannel_with_key: opened pipe \NETLOGON to machine ESKUELL for domain LAB-RR and bound using schannel. >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,45) >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,45) wrote 45 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=11 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:57, 10] libsmb/clientgen.c:cli_rpc_pipe_close(383) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine ESKUELL >[2006/11/08 12:11:57, 10] libsmb/namequery.c:saf_store(70) > saf_store: domain = [LAB-RR], server = [ESKUELL], expire = [1162985217] >[2006/11/08 12:11:57, 10] lib/gencache.c:gencache_set(128) > Adding cache entry with key = SAF/DOMAIN/LAB-RR; value = ESKUELL and timeout = Wed Nov 8 12:26:57 2006 > (900 seconds ahead) >[2006/11/08 12:11:57, 5] libsmb/credentials.c:creds_step(148) > sequence = 0x4551bb7f >[2006/11/08 12:11:57, 5] libsmb/credentials.c:creds_step(150) > seed: 79922C0633B8D037 >[2006/11/08 12:11:57, 5] libsmb/credentials.c:creds_step(155) > seed+seq F84D7E4B33B8D037 >[2006/11/08 12:11:57, 5] libsmb/credentials.c:creds_step(159) > CLIENT B3DB68C2C2FAAEA7 >[2006/11/08 12:11:57, 5] libsmb/credentials.c:creds_step(164) > seed+seq+1 F94D7E4B33B8D037 >[2006/11/08 12:11:57, 5] libsmb/credentials.c:creds_step(168) > SERVER 4FA73C784C4DB972 >[2006/11/08 12:11:57, 5] libsmb/credentials.c:creds_reseed(238) > cred_reseed: seed F94D7E4B33B8D037 >[2006/11/08 12:11:57, 5] rpc_parse/parse_net.c:init_id_info2(1181) > init_id_info2: 1181 >[2006/11/08 12:11:57, 5] rpc_parse/parse_misc.c:init_logon_id(1588) > make_logon_id: 1588 >[2006/11/08 12:11:57, 5] rpc_parse/parse_net.c:init_sam_info(1275) > init_sam_info: 1275 >[2006/11/08 12:11:57, 5] rpc_parse/parse_misc.c:init_clnt_info2(1503) > make_clnt_info: 1503 >[2006/11/08 12:11:57, 5] rpc_parse/parse_misc.c:init_clnt_srv(1348) > init_clnt_srv: 1348 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_sam_logon >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_sam_info >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_clnt_info2 >[2006/11/08 12:11:57, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_clnt_srv >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 undoc_buffer : 00000001 >[2006/11/08 12:11:57, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 uni_max_len: 0000000a >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c uni_str_len: 0000000a >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0010 buffer : \.\.E.S.K.U.E.L.L... >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 undoc_buffer2: 00000001 >[2006/11/08 12:11:57, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_unistr2 unistr2 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 uni_max_len: 00000009 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 uni_str_len: 00000009 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0034 buffer : W.A.R.T.H.O.L.E... >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 ptr_cred: 00000001 >[2006/11/08 12:11:57, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00004c smb_io_cred >[2006/11/08 12:11:57, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00004c smb_io_chal >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 004c data: b3 db 68 c2 c2 fa ae a7 >[2006/11/08 12:11:57, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000054 smb_io_utime >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 time: 4551bb7f >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 ptr_rtn_cred : 00000001 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_cred >[2006/11/08 12:11:57, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_chal >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 005c data: 00 00 00 00 00 00 00 00 >[2006/11/08 12:11:57, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000064 smb_io_utime >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 time: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 logon_level : 0002 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00006a smb_io_sam_info_ctr logon_info >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a switch_value : 0002 >[2006/11/08 12:11:57, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00006c net_io_id_info2 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c ptr_id_info2: 00000001 >[2006/11/08 12:11:57, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000070 smb_io_unihdr unihdr >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0070 uni_str_len: 000c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0072 uni_max_len: 000c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 buffer : 00000001 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 param_ctrl: 00000820 >[2006/11/08 12:11:57, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00007c smb_io_logon_id >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c low : 0000dead >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 high: 0000beef >[2006/11/08 12:11:57, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000084 smb_io_unihdr unihdr >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0084 uni_str_len: 000c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0086 uni_max_len: 000c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 buffer : 00000001 >[2006/11/08 12:11:57, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00008c smb_io_unihdr unihdr >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008c uni_str_len: 000e >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008e uni_max_len: 000e >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0090 buffer : 00000001 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0094 lm_chal: 33 43 a6 a4 83 99 c3 27 >[2006/11/08 12:11:57, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00009c smb_io_strhdr hdr_nt_chal_resp >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009c str_str_len: 0018 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009e str_max_len: 0018 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer : 00000001 >[2006/11/08 12:11:57, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000a4 smb_io_strhdr hdr_lm_chal_resp >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a4 str_str_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a6 str_max_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a8 buffer : 00000000 >[2006/11/08 12:11:57, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ac smb_io_unistr2 uni_domain_name >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac uni_max_len: 00000006 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b4 uni_str_len: 00000006 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00b8 buffer : L.A.B.-.R.R. >[2006/11/08 12:11:57, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000c4 smb_io_unistr2 uni_user_name >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 uni_max_len: 00000006 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc uni_str_len: 00000006 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00d0 buffer : w.w.w.u.t.z. >[2006/11/08 12:11:57, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000dc smb_io_unistr2 uni_wksta_name >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_max_len: 00000007 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e0 offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e4 uni_str_len: 00000007 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e8 buffer : \.\.W.A.L.D.I. >[2006/11/08 12:11:57, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000f6 smb_io_string2 nt_chal_resp >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 str_max_len: 00000018 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 str_str_len: 00000018 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_string2(1096) > 0104 buffer : o...m.......d.a'.....D.. >[2006/11/08 12:11:57, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00011c smb_io_string2 - NULL lm_chal_resp >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 011c validation_level: 0003 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0160 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0020 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_req hdr_req >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 0000011e >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 opnum : 0002 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000138 smb_io_rpc_hdr_auth hdr_auth >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0138 auth_type : 44 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0139 auth_level : 06 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013a auth_pad_len : 02 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013b auth_reserved: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c auth_context_id: 00000001 >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:add_schannel_auth_footer(1356) > add_schannel_auth_footer: SCHANNEL seq_num=0 >[2006/11/08 12:11:57, 10] rpc_parse/parse_prs.c:schannel_encode(1633) > SCHANNEL: schannel_encode seq_num=0 data_len=288 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000140 smb_io_rpc_auth_schannel_chk >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0140 sig : 77 00 7a 00 ff ff 00 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0148 seq_num: 19 86 8c 46 9b 9c 0c b4 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0150 packet_digest: c1 56 ae 36 c8 6a f5 05 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0158 confounder: 68 59 e2 09 be f9 4b f2 >[2006/11/08 12:11:57, 5] rpc_client/cli_pipe.c:rpc_api_pipe(767) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x2005 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=434 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 352 (0x160) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 352 (0x160) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8197 (0x2005) > smb_bcc=367 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 60 01 20 00 05 00 00 00 1E .......` . ...... > [020] 01 00 00 00 00 02 00 FD 41 FE 7A BB ED 2D 55 A9 ........ A.z..-U. > [030] FF 7F 5E 10 BA E4 AB D9 34 E4 C8 D0 57 37 0E C6 ..^..... 4...W7.. > [040] 81 E1 D1 9D E2 12 18 C4 C9 90 70 C1 C3 DC F8 33 ........ ..p....3 > [050] CE 20 01 ED D2 55 3B 34 0A 1D 4D 17 F0 BB DE 97 . ...U;4 ..M..... > [060] ED C7 74 9A 0C 7C 74 DF 52 20 DC 31 AC 40 32 A0 ..t..|t. R .1.@2. > [070] 48 D3 E0 96 FA E6 FE CB F3 35 C0 15 05 7C EA 4D H....... .5...|.M > [080] AB 67 81 86 5A 93 91 F4 C5 CE 73 4A B0 EA 1A 6D .g..Z... ..sJ...m > [090] 37 37 3B 19 31 74 78 43 5B 79 E4 FE 0E E5 AF 39 77;.1txC [y.....9 > [0A0] 8C 9F E4 41 5B 07 D7 A1 CB 3C 3E B8 26 C0 83 C1 ...A[... .<>.&... > [0B0] D9 FA F5 70 55 75 54 B8 C1 31 65 0C 0B D5 F7 23 ...pUuT. .1e....# > [0C0] F3 46 2E 85 A7 75 B7 9C 57 43 9D 0E 93 CE 41 23 .F...u.. WC....A# > [0D0] 49 FA A5 F9 AA A7 18 16 B2 48 B6 2D 9A CB 89 52 I....... .H.-...R > [0E0] 5C 0E C7 2C 97 4C 28 6B D6 48 37 C3 5B 93 42 21 \..,.L(k .H7.[.B! > [0F0] 2A 10 11 47 F8 96 B9 EA 8C 20 AC 39 29 8F 00 F4 *..G.... . .9)... > [100] DC BC FD 33 0B E9 8D FB 84 FB BB 0C B7 82 A6 5A ...3.... .......Z > [110] A5 81 5F 3E 57 34 2F 20 6F 73 56 57 09 62 5A F2 .._>W4/ osVW.bZ. > [120] 8A 49 45 8B 1E 61 C8 32 E8 9B 96 12 57 8A 2F D8 .IE..a.2 ....W./. > [130] AD 48 F1 28 5E 85 A1 1F B7 28 9C 36 2C 8F 35 8F .H.(^... .(.6,.5. > [140] 04 FA FA BD B3 F4 51 44 06 02 00 01 00 00 00 77 ......QD .......w > [150] 00 7A 00 FF FF 00 00 19 86 8C 46 9B 9C 0C B4 C1 .z...... ..F..... > [160] 56 AE 36 C8 6A F5 05 68 59 E2 09 BE F9 4B F2 V.6.j..h Y....K. >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,438) >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,438) wrote 438 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 456 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=456 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 400 (0x190) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 400 (0x190) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=401 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 60 05 00 02 03 10 00 00 00 90 01 20 00 05 00 00 `....... ... .... > [010] 00 50 01 00 00 00 00 00 00 47 07 3E 14 7C 7A B3 .P...... .G.>.|z. > [020] FB 2F E4 CE 4C 3F D2 28 C8 C7 1D 94 E5 5F 7C C5 ./..L?.( ....._|. > [030] 12 92 B7 E2 49 C0 5C B2 43 47 8D 39 A2 6F E5 46 ....I.\. CG.9.o.F > [040] 04 AA 4B 32 1B 33 77 FA 9D BC 1F 3D B8 50 D2 03 ..K2.3w. ...=.P.. > [050] 7D B5 0A FB F6 D9 E0 7C 90 01 CC E2 B9 25 AA 57 }......| .....%.W > [060] 92 77 40 79 4C FF D5 67 A3 10 81 34 99 2C B7 C8 .w@yL..g ...4.,.. > [070] 5E C0 EC E5 98 49 B6 CA D1 33 5C 02 DE 32 C5 A4 ^....I.. .3\..2.. > [080] E2 4A 1F 8C 15 BD 9B F5 A9 F6 DE B0 5F D0 EB 9E .J...... ...._... > [090] DB 69 44 EA 6E B5 15 05 CF B7 B1 55 A2 5C E1 B4 .iD.n... ...U.\.. > [0A0] 47 A7 C7 30 FA 84 97 3E 47 2D 7B 27 94 D5 B0 79 G..0...> G-{'...y > [0B0] F3 ED 97 F6 C2 FE 7E AA 48 4F FD 4C 6D 74 03 03 ......~. HO.Lmt.. > [0C0] 96 A9 DB 5D 8D 2E DB 4B 67 DC 1F 5C 72 F5 41 F3 ...]...K g..\r.A. > [0D0] 96 35 CC D2 94 1B 3E 35 8C B5 93 64 7F C0 D5 F6 .5....>5 ...d.... > [0E0] 3B 04 B6 61 9E 9D 12 F6 E9 07 AD 23 4A 25 04 BE ;..a.... ...#J%.. > [0F0] 8F CA B3 F7 6D 78 0A 69 99 F0 1E 09 F8 ED B3 2F ....mx.i ......./ > [100] 07 20 89 42 8F C8 84 D8 59 82 0E 6D 23 E9 91 2A . .B.... Y..m#..* > [110] 75 25 BA DC E4 02 F4 79 DE 1A 06 5C C7 C2 2A 7C u%.....y ...\..*| > [120] F9 D2 AB 4A A1 C8 2C DC A6 0B E0 53 CB E8 E2 65 ...J..,. ...S...e > [130] 37 ED 29 EF 72 2A B4 41 07 16 4B 27 FF F7 F4 76 7.).r*.A ..K'...v > [140] 72 6C 5F 46 9E DF D4 8C 92 2F 98 CD EA F1 F1 FA rl_F.... ./...... > [150] B3 54 45 29 3C 48 87 C9 39 6F AB 0F 0A C9 58 A8 .TE)<H.. 9o....X. > [160] EA 62 F1 7C 30 7E 02 49 8F 44 06 00 00 01 00 00 .b.|0~.I .D...... > [170] 00 77 00 7A 00 FF FF 00 00 F0 BF E5 6E C3 8E E9 .w.z.... ....n... > [180] 2E 37 6C 5D 6D 6B CC D8 AC AB DD D6 F7 1E 05 02 .7l]mk.. ........ > [190] 7F . >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=456 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 400 (0x190) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 400 (0x190) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=401 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 60 05 00 02 03 10 00 00 00 90 01 20 00 05 00 00 `....... ... .... > [010] 00 50 01 00 00 00 00 00 00 47 07 3E 14 7C 7A B3 .P...... .G.>.|z. > [020] FB 2F E4 CE 4C 3F D2 28 C8 C7 1D 94 E5 5F 7C C5 ./..L?.( ....._|. > [030] 12 92 B7 E2 49 C0 5C B2 43 47 8D 39 A2 6F E5 46 ....I.\. CG.9.o.F > [040] 04 AA 4B 32 1B 33 77 FA 9D BC 1F 3D B8 50 D2 03 ..K2.3w. ...=.P.. > [050] 7D B5 0A FB F6 D9 E0 7C 90 01 CC E2 B9 25 AA 57 }......| .....%.W > [060] 92 77 40 79 4C FF D5 67 A3 10 81 34 99 2C B7 C8 .w@yL..g ...4.,.. > [070] 5E C0 EC E5 98 49 B6 CA D1 33 5C 02 DE 32 C5 A4 ^....I.. .3\..2.. > [080] E2 4A 1F 8C 15 BD 9B F5 A9 F6 DE B0 5F D0 EB 9E .J...... ...._... > [090] DB 69 44 EA 6E B5 15 05 CF B7 B1 55 A2 5C E1 B4 .iD.n... ...U.\.. > [0A0] 47 A7 C7 30 FA 84 97 3E 47 2D 7B 27 94 D5 B0 79 G..0...> G-{'...y > [0B0] F3 ED 97 F6 C2 FE 7E AA 48 4F FD 4C 6D 74 03 03 ......~. HO.Lmt.. > [0C0] 96 A9 DB 5D 8D 2E DB 4B 67 DC 1F 5C 72 F5 41 F3 ...]...K g..\r.A. > [0D0] 96 35 CC D2 94 1B 3E 35 8C B5 93 64 7F C0 D5 F6 .5....>5 ...d.... > [0E0] 3B 04 B6 61 9E 9D 12 F6 E9 07 AD 23 4A 25 04 BE ;..a.... ...#J%.. > [0F0] 8F CA B3 F7 6D 78 0A 69 99 F0 1E 09 F8 ED B3 2F ....mx.i ......./ > [100] 07 20 89 42 8F C8 84 D8 59 82 0E 6D 23 E9 91 2A . .B.... Y..m#..* > [110] 75 25 BA DC E4 02 F4 79 DE 1A 06 5C C7 C2 2A 7C u%.....y ...\..*| > [120] F9 D2 AB 4A A1 C8 2C DC A6 0B E0 53 CB E8 E2 65 ...J..,. ...S...e > [130] 37 ED 29 EF 72 2A B4 41 07 16 4B 27 FF F7 F4 76 7.).r*.A ..K'...v > [140] 72 6C 5F 46 9E DF D4 8C 92 2F 98 CD EA F1 F1 FA rl_F.... ./...... > [150] B3 54 45 29 3C 48 87 C9 39 6F AB 0F 0A C9 58 A8 .TE)<H.. 9o....X. > [160] EA 62 F1 7C 30 7E 02 49 8F 44 06 00 00 01 00 00 .b.|0~.I .D...... > [170] 00 77 00 7A 00 FF FF 00 00 F0 BF E5 6E C3 8E E9 .w.z.... ....n... > [180] 2E 37 6C 5D 6D 6B CC D8 AC AB DD D6 F7 1E 05 02 .7l]mk.. ........ > [190] 7F . >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr rpc_hdr >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0000 major : 05 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0001 minor : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0002 pkt_type : 02 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0003 flags : 03 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0004 pack_type0: 10 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0005 pack_type1: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0006 pack_type2: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0007 pack_type3: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0008 frag_len : 0190 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000a auth_len : 0020 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c call_id : 00000005 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp rpc_hdr_resp >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 alloc_hint: 00000150 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 context_id: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0016 cancel_ct : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0017 reserved : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000168 smb_io_rpc_hdr_auth hdr_auth >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0168 auth_type : 44 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0169 auth_level : 06 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 016a auth_pad_len : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 016b auth_reserved: 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 016c auth_context_id: 00000001 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000170 smb_io_rpc_auth_schannel_chk >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0170 sig : 77 00 7a 00 ff ff 00 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0178 seq_num: f0 bf e5 6e c3 8e e9 2e >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0180 packet_digest: 37 6c 5d 6d 6b cc d8 ac >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0188 confounder: ab dd d6 f7 1e 05 02 7f >[2006/11/08 12:11:57, 10] rpc_parse/parse_prs.c:schannel_decode(1710) > SCHANNEL: schannel_decode seq_num=1 data_len=336 >[2006/11/08 12:11:57, 10] rpc_parse/parse_prs.c:schannel_decode(1730) > SCHANNEL: schannel_decode seq_num=1 data_len=336 >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(576) > cli_pipe_validate_current_pdu: got pdu len 400, data_len 336, ss_len 0 >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(842) > rpc_api_pipe: got PDU len of 400 at offset 0 >[2006/11/08 12:11:57, 10] rpc_client/cli_pipe.c:rpc_api_pipe(890) > rpc_api_pipe: Remote machine ESKUELL pipe \NETLOGON fnum 0x2005 returned 672 bytes. >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_sam_logon >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 buffer_creds: 001b207c >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_cred >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_chal >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0004 data: 4f a7 3c 78 4c 4d b9 72 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00000c smb_io_utime >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c time: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0010 switch_value: 0003 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 net_io_user_info3 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 ptr_user_info : 0015aed8 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time logon time >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : 6dc42ed0 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 01c70314 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time logoff time >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : ffffffff >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 7fffffff >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time kickoff time >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : ffffffff >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 7fffffff >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time last set time >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : e66ea200 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 01bb61e6 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_time can change time >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 low : e66ea200 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c high: 01bb61e6 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_time must change time >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 low : ffffffff >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 high: 7fffffff >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_user_name >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 00000000 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_full_name >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00000000 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_logon_script >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00000000 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_profile_path >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00000000 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_unihdr hdr_home_dir >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 uni_str_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a uni_max_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c buffer : 00000000 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000070 smb_io_unihdr hdr_dir_drive >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0070 uni_str_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0072 uni_max_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 buffer : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0078 logon_count : 0419 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 007a bad_pw_count : 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_rid : 0000040d >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 group_rid : 00000417 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0084 num_groups : 00000002 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 buffer_groups : 0015afa4 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 008c user_flgs : 00000120 >[2006/11/08 12:11:57, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS > account has LOGON_NTLMV2_ENABLED >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0090 user_sess_key: c1 99 92 7b 7f ff 72 7b 01 69 88 14 82 9a 81 09 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000a0 smb_io_unihdr hdr_logon_srv >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a0 uni_str_len: 000e >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a2 uni_max_len: 0010 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a4 buffer : 0015afcc >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000a8 smb_io_unihdr hdr_logon_dom >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a8 uni_str_len: 000c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00aa uni_max_len: 000e >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac buffer : 0015afdc >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 buffer_dom_id : 0015afb4 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00b4 lm_sess_key: a3 e0 c1 e4 83 03 81 15 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc acct_flags : 00000000 >[2006/11/08 12:11:57, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc unkown: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 unkown: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 unkown: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 unkown: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc num_other_sids: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e0 buffer_other_sids: 00000000 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_user_name >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_full_name >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_logon_script >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_profile_path >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_home_dir >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unistr2 - NULL uni_dir_drive >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e4 num_groups2 : 00000002 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000e8 smb_io_gid >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e8 g_rid: 00000201 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ec attr : 00000007 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000f0 smb_io_gid >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 g_rid: 00000417 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 attr : 00000007 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0000f8 smb_io_unistr2 uni_logon_srv >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 uni_max_len: 00000008 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 uni_str_len: 00000007 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0104 buffer : E.S.K.U.E.L.L. >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000112 smb_io_unistr2 uni_logon_dom >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0114 uni_max_len: 00000007 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c uni_str_len: 00000006 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0120 buffer : L.A.B.-.R.R. >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00012c smb_io_dom_sid2 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c num_auths: 00000004 >[2006/11/08 12:11:57, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000130 smb_io_dom_sid sid >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0130 sid_rev_num: 01 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0131 num_auths : 04 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0132 id_auth[0] : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0133 id_auth[1] : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0134 id_auth[2] : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0135 id_auth[3] : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0136 id_auth[4] : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0137 id_auth[5] : 05 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0138 sub_auths : 00000015 7b7e4147 61020126 26126b85 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0148 auth_resp : 2d73d901 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 014c status : NT_STATUS_OK >[2006/11/08 12:11:57, 10] libsmb/credentials.c:creds_client_check(325) > creds_client_check: credentials check OK. >[2006/11/08 12:11:57, 10] passdb/secrets.c:secrets_named_mutex_release(791) > secrets_named_mutex: released mutex for ESKUELL >[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user LAB-RR\wwwutz >[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is lab-rr\wwwutz >[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_internals(82) > Trying _Get_Pwnam(), username as given is LAB-RR\wwwutz >[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_internals(92) > Trying _Get_Pwnam(), username as uppercase is LAB-RR\WWWUTZ >[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_internals(101) > Checking combinations of 0 uppercase letters in lab-rr\wwwutz >[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_internals(107) > Get_Pwnam_internals didn't find user [LAB-RR\wwwutz]! >[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user wwwutz >[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is wwwutz >[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_internals(107) > Get_Pwnam_internals did find user [wwwutz]! >[2006/11/08 12:11:57, 5] auth/auth_util.c:fill_sam_account(1532) > fill_sam_account: located username was [wwwutz] >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_username(533) > pdb_set_username: setting username wwwutz, was >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(602) > pdb_set_full_name: setting full name Peter Marquardt,R031,1430,, was >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_domain(556) > pdb_set_domain: setting domain WARTHOLE, was >[2006/11/08 12:11:57, 4] lib/substitute.c:automount_server(407) > Home server: warthole >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(648) > pdb_set_profile_path: setting profile path \\warthole\wwwutz\profile, was >[2006/11/08 12:11:57, 4] lib/substitute.c:automount_server(407) > Home server: warthole >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(695) > pdb_set_homedir: setting home dir \\warthole\wwwutz, was >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(671) > pdb_set_dir_drive: setting dir drive , was NULL >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(625) > pdb_set_logon_script: setting logon script , was >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(462) > pdb_set_user_sid: setting user sid S-1-5-21-3841262117-2652492237-290310771-1260 >[2006/11/08 12:11:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3841262117-2652492237-290310771-1260 from rid 1260 >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(579) > pdb_set_nt_username: setting nt username wwwutz, was >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_username(533) > pdb_set_username: setting username wwwutz, was wwwutz >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_domain(556) > pdb_set_domain: setting domain LAB-RR, was WARTHOLE >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(462) > pdb_set_user_sid: setting user sid S-1-5-21-2071871815-1627521318-638741381-1037 >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_group_sid(520) > pdb_set_group_sid: setting group sid S-1-5-21-3841262117-2652492237-290310771-513 >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(602) > pdb_set_full_name: setting full name , was Peter Marquardt,R031,1430, >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(625) > pdb_set_logon_script: setting logon script , was >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(648) > pdb_set_profile_path: setting profile path , was \\warthole\wwwutz\profile >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(695) > pdb_set_homedir: setting home dir , was \\warthole\wwwutz >[2006/11/08 12:11:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(671) > pdb_set_dir_drive: setting dir drive , was >[2006/11/08 12:11:57, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(134) > netsamlogon_cache_store: SID [S-1-5-21-2071871815-1627521318-638741381-1037] >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 timestamp: 4551bb7d >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000004 net_io_user_info3 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr_user_info : 0015aed8 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_time logon time >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 low : 6dc42ed0 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c high: 01c70314 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_time logoff time >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 low : ffffffff >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 high: 7fffffff >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time kickoff time >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : ffffffff >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 7fffffff >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time last set time >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : e66ea200 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 01bb61e6 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time can change time >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : e66ea200 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 01bb61e6 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time must change time >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : ffffffff >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 7fffffff >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_unihdr hdr_user_name >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 uni_str_len: 000e >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a uni_max_len: 000e >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c buffer : 00000001 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_unihdr hdr_full_name >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0040 uni_str_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0042 uni_max_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 buffer : 00000000 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_logon_script >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 00000000 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_profile_path >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00000000 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_home_dir >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00000000 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_dir_drive >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 logon_count : 0419 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a bad_pw_count : 0000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c user_rid : 0000040d >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 group_rid : 00000417 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 num_groups : 00000002 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 buffer_groups : 0015afa4 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_flgs : 00000120 >[2006/11/08 12:11:57, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS > account has LOGON_NTLMV2_ENABLED >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0080 user_sess_key: 09 94 83 62 f1 7d 25 a6 3b 56 b0 b6 7b 29 b5 d2 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000090 smb_io_unihdr hdr_logon_srv >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0090 uni_str_len: 000e >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0092 uni_max_len: 0010 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0094 buffer : 0015afcc >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000098 smb_io_unihdr hdr_logon_dom >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0098 uni_str_len: 000c >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009a uni_max_len: 000e >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 009c buffer : 0015afdc >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer_dom_id : 0015afb4 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00a4 lm_sess_key: 6b ed d0 fd 0d 81 d6 c8 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac acct_flags : 00000000 >[2006/11/08 12:11:57, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 unkown: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b4 unkown: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 unkown: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc unkown: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc num_other_sids: 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 buffer_other_sids: 00000000 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000d4 smb_io_unistr2 uni_user_name >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 uni_max_len: 00000007 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_str_len: 00000007 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e0 buffer : w.w.w.u.t.z... >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_full_name >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_logon_script >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_profile_path >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_home_dir >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 - NULL uni_dir_drive >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 num_groups2 : 00000002 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000f4 smb_io_gid >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 g_rid: 00000201 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 attr : 00000007 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000fc smb_io_gid >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00fc g_rid: 00000417 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 attr : 00000007 >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000104 smb_io_unistr2 uni_logon_srv >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0104 uni_max_len: 00000008 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0108 offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 010c uni_str_len: 00000007 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0110 buffer : E.S.K.U.E.L.L. >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00011e smb_io_unistr2 uni_logon_dom >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 uni_max_len: 00000007 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 offset : 00000000 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 uni_str_len: 00000006 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 012c buffer : L.A.B.-.R.R. >[2006/11/08 12:11:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000138 smb_io_dom_sid2 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 num_auths: 00000004 >[2006/11/08 12:11:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00013c smb_io_dom_sid sid >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013c sid_rev_num: 01 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013d num_auths : 04 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013e id_auth[0] : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 013f id_auth[1] : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0140 id_auth[2] : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0141 id_auth[3] : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0142 id_auth[4] : 00 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0143 id_auth[5] : 05 >[2006/11/08 12:11:57, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0144 sub_auths : 00000015 7b7e4147 61020126 26126b85 >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,45) >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,45) wrote 45 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=13 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:57, 10] libsmb/clientgen.c:cli_rpc_pipe_close(383) > cli_rpc_pipe_close: closed pipe \NETLOGON to machine ESKUELL >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(132) > write_socket(17,39) >[2006/11/08 12:11:57, 6] libsmb/clientgen.c:write_socket(135) > write_socket(17,39) wrote 39 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 35 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=12288 > smb_pid=2695 > smb_uid=22528 > smb_mid=14 > smt_wct=0 > smb_bcc=0 >[2006/11/08 12:11:57, 3] auth/auth.c:check_ntlm_password(269) > check_ntlm_password: winbind authentication for user [wwwutz] succeeded >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 5] auth/auth.c:check_ntlm_password(295) > check_ntlm_password: PAM Account for user [wwwutz] succeeded >[2006/11/08 12:11:57, 2] auth/auth.c:check_ntlm_password(304) > check_ntlm_password: authentication for user [wwwutz] -> [wwwutz] -> [wwwutz] succeeded >[2006/11/08 12:11:57, 5] auth/auth_util.c:free_user_info(1866) > attempting to free (and zero) a user_info structure >[2006/11/08 12:11:57, 10] auth/auth_util.c:free_user_info(1869) > structure was created for wwwutz >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\wwwutz => WARTHOLE (domain), wwwutz (name) >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:57, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) > getsampwnam (smbpasswd): search by name: wwwutz >[2006/11/08 12:11:57, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd >[2006/11/08 12:11:57, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) > getsmbfilepwent: end of file reached. >[2006/11/08 12:11:57, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix User\wwwutz => Unix User (domain), wwwutz (name) >[2006/11/08 12:11:57, 10] lib/util_pw.c:getpwnam_alloc(76) > Got wwwutz from pwnam_cache >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_uid(1209) > sid_to_uid: S-1-22-1-130 -> 130 >[2006/11/08 12:11:57, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [wwwutz] >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 15 -> S-1-22-2-15 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 12003 -> S-1-22-2-12003 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 121 -> S-1-22-2-121 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 20 -> S-1-22-2-20 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 209 -> S-1-22-2-209 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 263 -> S-1-22-2-263 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 219 -> S-1-22-2-219 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 352 -> S-1-22-2-352 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 0 -> S-1-22-2-0 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 257 -> S-1-22-2-257 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 1000 -> S-1-22-2-1000 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 369 -> S-1-22-2-369 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 154 -> S-1-22-2-154 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 400 -> S-1-22-2-400 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 5000 -> S-1-22-2-5000 >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-1-130] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-15] >[2006/11/08 12:11:57, 5] lib/privileges.c:get_privileges_for_sids(458) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-12003] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-121] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-20] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-209] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-263] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-219] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-352] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-0] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-257] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-1000] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-369] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-154] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-400] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-5000] >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-15 -> 15 >[2006/11/08 12:11:57, 10] auth/auth_util.c:create_local_token(1022) > Could not convert SID S-1-1-0 to gid, ignoring it >[2006/11/08 12:11:57, 10] auth/auth_util.c:create_local_token(1022) > Could not convert SID S-1-5-2 to gid, ignoring it >[2006/11/08 12:11:57, 10] auth/auth_util.c:create_local_token(1022) > Could not convert SID S-1-5-11 to gid, ignoring it >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-12003 -> 12003 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-121 -> 121 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-20 -> 20 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-209 -> 209 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-263 -> 263 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-219 -> 219 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-352 -> 352 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-0 -> 0 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-257 -> 257 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-1000 -> 1000 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-369 -> 369 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-154 -> 154 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-400 -> 400 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-5000 -> 5000 >[2006/11/08 12:11:57, 10] auth/auth_util.c:debug_nt_user_token(452) > NT user token of user S-1-22-1-130 > contains 19 SIDs > SID[ 0]: S-1-22-1-130 > SID[ 1]: S-1-22-2-15 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-12003 > SID[ 6]: S-1-22-2-121 > SID[ 7]: S-1-22-2-20 > SID[ 8]: S-1-22-2-209 > SID[ 9]: S-1-22-2-263 > SID[ 10]: S-1-22-2-219 > SID[ 11]: S-1-22-2-352 > SID[ 12]: S-1-22-2-0 > SID[ 13]: S-1-22-2-257 > SID[ 14]: S-1-22-2-1000 > SID[ 15]: S-1-22-2-369 > SID[ 16]: S-1-22-2-154 > SID[ 17]: S-1-22-2-400 > SID[ 18]: S-1-22-2-5000 > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(132) > Got NT session key of length 16 >[2006/11/08 12:11:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(139) > Got LM session key of length 8 >[2006/11/08 12:11:57, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(738) > ntlmssp_server_auth: Created NTLM2 session key. >[2006/11/08 12:11:57, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) > NTLMSSP Sign/Seal - Initialising with flags: >[2006/11/08 12:11:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0xe0088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >[2006/11/08 12:11:57, 10] smbd/password.c:register_vuid(185) > register_vuid: allocated vuid = 101 >[2006/11/08 12:11:57, 10] lib/util_pw.c:getpwnam_alloc(76) > Got wwwutz from pwnam_cache >[2006/11/08 12:11:57, 10] smbd/password.c:register_vuid(273) > register_vuid: (130,15) wwwutz wwwutz LAB-RR guest=0 >[2006/11/08 12:11:57, 3] smbd/password.c:register_vuid(279) > User name: wwwutz Real name: >[2006/11/08 12:11:57, 3] smbd/password.c:register_vuid(300) > UNIX uid 130 is UNIX user wwwutz, and will be vuid 101 >[2006/11/08 12:11:57, 7] param/loadparm.c:lp_servicenumber(5112) > lp_servicenumber: couldn't find wwwutz >[2006/11/08 12:11:57, 3] smbd/password.c:register_vuid(330) > Adding homes service for user 'wwwutz' using home directory: '/home/wwwutz' >[2006/11/08 12:11:57, 8] param/loadparm.c:add_a_service(2494) > add_a_service: Creating snum = 346 for wwwutz >[2006/11/08 12:11:57, 10] param/loadparm.c:hash_a_service(2541) > hash_a_service: hashing index 346 for service name wwwutz >[2006/11/08 12:11:57, 3] param/loadparm.c:lp_add_home(2587) > adding home's share [wwwutz] for user 'wwwutz' at '/home/wwwutz' >[2006/11/08 12:11:57, 6] param/loadparm.c:lp_file_list_changed(2998) > lp_file_list_changed() > file /usr/local/samba/etc/smb.conf.service.bkps -> /usr/local/samba/etc/smb.conf.service.bkps last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf.global.%h -> /usr/local/samba/etc/smb.conf.global.warthole last mod_time: Thu Jan 1 01:00:00 1970 > > file /usr/local/samba/etc/smb.conf.global -> /usr/local/samba/etc/smb.conf.global last mod_time: Tue Nov 7 10:59:35 2006 > > file /usr/local/samba/etc/smb.conf -> /usr/local/samba/etc/smb.conf last mod_time: Wed Nov 8 12:11:08 2006 > >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=104 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=20672 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=61 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [020] 00 2E 00 30 00 2E 00 32 00 33 00 63 00 00 00 4C ...0...2 .3.c...L > [030] 00 41 00 42 00 2D 00 52 00 52 00 00 00 .A.B.-.R .R... >[2006/11/08 12:11:57, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: 60 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 82 >[2006/11/08 12:11:57, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x52 >[2006/11/08 12:11:57, 3] smbd/process.c:process_smb(1110) > Transaction 3 of length 86 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=82 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=20736 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 82 (0x52) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=39 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 5C 00 57 00 41 00 52 00 54 00 48 00 4F .\.\.W.A .R.T.H.O > [010] 00 4C 00 45 00 5C 00 49 00 50 00 43 00 24 00 00 .L.E.\.I .P.C.$.. > [020] 00 3F 3F 3F 3F 3F 00 .?????. >[2006/11/08 12:11:57, 3] smbd/process.c:switch_message(914) > switch message SMBtconX (pid 2695) conn 0x0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:57, 5] smbd/uid.c:change_to_root_user(274) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/11/08 12:11:57, 4] smbd/reply.c:reply_tcon_and_X(668) > Client requested device type [?????] for share [IPC$] >[2006/11/08 12:11:57, 5] smbd/service.c:make_connection(1116) > making a connection to 'normal' service ipc$ >[2006/11/08 12:11:57, 10] smbd/share_access.c:user_ok_token(224) > user_ok_token: share IPC$ is ok for unix user wwwutz >[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user wwwutz >[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is wwwutz >[2006/11/08 12:11:57, 10] lib/util_pw.c:getpwnam_alloc(76) > Got wwwutz from pwnam_cache >[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_internals(107) > Get_Pwnam_internals did find user [wwwutz]! >[2006/11/08 12:11:57, 10] smbd/service.c:set_conn_connectpath(121) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2006/11/08 12:11:57, 3] smbd/service.c:make_connection_snum(751) > Connect path is '/tmp' for service [IPC$] >[2006/11/08 12:11:57, 4] lib/sharesec.c:get_share_security(130) > get_share_security: using default secdesc for IPC$ >[2006/11/08 12:11:57, 10] lib/util_seaccess.c:se_map_generic(175) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2006/11/08 12:11:57, 10] lib/util_seaccess.c:se_access_check(231) > se_access_check: requested access 0x00000002, for NT token with 19 entries and first sid S-1-22-1-130. >[2006/11/08 12:11:57, 3] lib/util_seaccess.c:se_access_check(250) >[2006/11/08 12:11:57, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-130 > se_access_check: also S-1-22-2-15 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-22-2-12003 > se_access_check: also S-1-22-2-121 > se_access_check: also S-1-22-2-20 > se_access_check: also S-1-22-2-209 > se_access_check: also S-1-22-2-263 > se_access_check: also S-1-22-2-219 > se_access_check: also S-1-22-2-352 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-22-2-257 > se_access_check: also S-1-22-2-1000 > se_access_check: also S-1-22-2-369 > se_access_check: also S-1-22-2-154 > se_access_check: also S-1-22-2-400 > se_access_check: also S-1-22-2-5000 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2006/11/08 12:11:57, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (2) granted. >[2006/11/08 12:11:57, 3] smbd/vfs.c:vfs_init_default(219) > Initialising default vfs hooks >[2006/11/08 12:11:57, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2006/11/08 12:11:57, 10] smbd/share_access.c:user_ok_token(224) > user_ok_token: share IPC$ is ok for unix user wwwutz >[2006/11/08 12:11:57, 10] smbd/share_access.c:is_share_read_only_for_token(265) > is_share_read_only_for_user: share IPC$ is read-only for unix user wwwutz >[2006/11/08 12:11:57, 4] lib/sharesec.c:get_share_security(130) > get_share_security: using default secdesc for IPC$ >[2006/11/08 12:11:57, 10] lib/util_seaccess.c:se_map_generic(175) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2006/11/08 12:11:57, 10] lib/util_seaccess.c:se_access_check(231) > se_access_check: requested access 0x00000001, for NT token with 19 entries and first sid S-1-22-1-130. >[2006/11/08 12:11:57, 3] lib/util_seaccess.c:se_access_check(250) >[2006/11/08 12:11:57, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-130 > se_access_check: also S-1-22-2-15 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-22-2-12003 > se_access_check: also S-1-22-2-121 > se_access_check: also S-1-22-2-20 > se_access_check: also S-1-22-2-209 > se_access_check: also S-1-22-2-263 > se_access_check: also S-1-22-2-219 > se_access_check: also S-1-22-2-352 > se_access_check: also S-1-22-2-0 > se_access_check: also S-1-22-2-257 > se_access_check: also S-1-22-2-1000 > se_access_check: also S-1-22-2-369 > se_access_check: also S-1-22-2-154 > se_access_check: also S-1-22-2-400 > se_access_check: also S-1-22-2-5000 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >[2006/11/08 12:11:57, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (1) granted. >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (130, 15) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token of user S-1-22-1-130 > contains 19 SIDs > SID[ 0]: S-1-22-1-130 > SID[ 1]: S-1-22-2-15 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-12003 > SID[ 6]: S-1-22-2-121 > SID[ 7]: S-1-22-2-20 > SID[ 8]: S-1-22-2-209 > SID[ 9]: S-1-22-2-263 > SID[ 10]: S-1-22-2-219 > SID[ 11]: S-1-22-2-352 > SID[ 12]: S-1-22-2-0 > SID[ 13]: S-1-22-2-257 > SID[ 14]: S-1-22-2-1000 > SID[ 15]: S-1-22-2-369 > SID[ 16]: S-1-22-2-154 > SID[ 17]: S-1-22-2-400 > SID[ 18]: S-1-22-2-5000 > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 130 > Primary group is 15 and contains 15 supplementary groups > Group[ 0]: 15 > Group[ 1]: 12003 > Group[ 2]: 121 > Group[ 3]: 20 > Group[ 4]: 209 > Group[ 5]: 263 > Group[ 6]: 219 > Group[ 7]: 352 > Group[ 8]: 0 > Group[ 9]: 257 > Group[ 10]: 1000 > Group[ 11]: 369 > Group[ 12]: 154 > Group[ 13]: 400 > Group[ 14]: 5000 >[2006/11/08 12:11:57, 5] smbd/uid.c:change_to_user(259) > change_to_user uid=(0,130) gid=(0,15) >[2006/11/08 12:11:57, 3] smbd/service.c:make_connection_snum(941) > waldi (141.14.22.101) connect to service IPC$ initially as user wwwutz (uid=130, gid=15) (pid 2695) >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:57, 5] smbd/uid.c:change_to_root_user(274) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/11/08 12:11:57, 2] smbd/reply.c:reply_tcon_and_X(711) > Serving IPC$ as a Dfs root >[2006/11/08 12:11:57, 3] smbd/reply.c:reply_tcon_and_X(715) > tconX service=IPC$ >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=20736 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3 (0x3) > smb_bcc=7 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 49 50 43 00 00 00 00 IPC.... >[2006/11/08 12:11:57, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: 60 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 116 >[2006/11/08 12:11:57, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x74 >[2006/11/08 12:11:57, 3] smbd/process.c:process_smb(1110) > Transaction 4 of length 120 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=116 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=2844 > smb_uid=101 > smb_mid=20800 > smt_wct=15 > smb_vwv[ 0]= 48 (0x30) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 48 (0x30) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 16 (0x10) > smb_bcc=51 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 00 00 00 03 00 5C 00 77 00 61 00 72 00 74 00 68 .....\.w .a.r.t.h > [010] 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 6D 00 65 .o.l.e.\ .m.a.m.e > [020] 00 70 00 69 00 6D 00 61 00 67 00 65 00 73 00 5C .p.i.m.a .g.e.s.\ > [030] 00 00 00 ... >[2006/11/08 12:11:57, 3] smbd/process.c:switch_message(914) > switch message SMBtrans2 (pid 2695) conn 0x14028a050 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (130, 15) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token of user S-1-22-1-130 > contains 19 SIDs > SID[ 0]: S-1-22-1-130 > SID[ 1]: S-1-22-2-15 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-12003 > SID[ 6]: S-1-22-2-121 > SID[ 7]: S-1-22-2-20 > SID[ 8]: S-1-22-2-209 > SID[ 9]: S-1-22-2-263 > SID[ 10]: S-1-22-2-219 > SID[ 11]: S-1-22-2-352 > SID[ 12]: S-1-22-2-0 > SID[ 13]: S-1-22-2-257 > SID[ 14]: S-1-22-2-1000 > SID[ 15]: S-1-22-2-369 > SID[ 16]: S-1-22-2-154 > SID[ 17]: S-1-22-2-400 > SID[ 18]: S-1-22-2-5000 > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 130 > Primary group is 15 and contains 15 supplementary groups > Group[ 0]: 15 > Group[ 1]: 12003 > Group[ 2]: 121 > Group[ 3]: 20 > Group[ 4]: 209 > Group[ 5]: 263 > Group[ 6]: 219 > Group[ 7]: 352 > Group[ 8]: 0 > Group[ 9]: 257 > Group[ 10]: 1000 > Group[ 11]: 369 > Group[ 12]: 154 > Group[ 13]: 400 > Group[ 14]: 5000 >[2006/11/08 12:11:57, 5] smbd/uid.c:change_to_user(259) > change_to_user uid=(0,130) gid=(0,15) >[2006/11/08 12:11:57, 4] smbd/vfs.c:vfs_ChDir(741) > vfs_ChDir to /tmp >[2006/11/08 12:11:57, 10] smbd/trans2.c:call_trans2getdfsreferral(4932) > call_trans2getdfsreferral >[2006/11/08 12:11:57, 10] smbd/msdfs.c:parse_dfs_path(44) > temp in parse_dfs_path: .warthole\mamepimages. after trimming \'s >[2006/11/08 12:11:57, 10] smbd/msdfs.c:parse_dfs_path(54) > parse_dfs_path: hostname: warthole >[2006/11/08 12:11:57, 10] smbd/msdfs.c:setup_dfs_referral(834) > max_referral_level :3 >[2006/11/08 12:11:57, 10] smbd/msdfs.c:setup_ver3_dfs_referral(711) > setting up version3 referral >[2006/11/08 12:11:57, 10] smbd/msdfs.c:setup_ver3_dfs_referral(715) >[2006/11/08 12:11:57, 0] lib/util.c:dump_data(2215) > [000] 5C 00 77 00 61 00 72 00 74 00 68 00 6F 00 6C 00 \.w.a.r. t.h.o.l. > [010] 65 00 5C 00 6D 00 61 00 6D 00 65 00 70 00 69 00 e.\.m.a. m.e.p.i. > [020] 6D 00 61 00 67 00 65 00 73 00 5C 00 00 00 m.a.g.e. s.\... >[2006/11/08 12:11:57, 10] smbd/msdfs.c:setup_ver3_dfs_referral(724) > referral 0 : \warthole\mamepimages\ >[2006/11/08 12:11:57, 10] smbd/msdfs.c:setup_dfs_referral(854) > DFS Referral pdata: >[2006/11/08 12:11:57, 0] lib/util.c:dump_data(2215) > [000] 2C 00 01 00 03 00 00 00 03 00 22 00 01 00 00 00 ,....... .."..... > [010] 58 02 00 00 22 00 50 00 7E 00 00 00 00 00 00 00 X...".P. ~....... > [020] 00 00 00 00 00 00 00 00 00 00 5C 00 77 00 61 00 ........ ..\.w.a. > [030] 72 00 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 r.t.h.o. l.e.\.m. > [040] 61 00 6D 00 65 00 70 00 69 00 6D 00 61 00 67 00 a.m.e.p. i.m.a.g. > [050] 65 00 73 00 5C 00 00 00 5C 00 77 00 61 00 72 00 e.s.\... \.w.a.r. > [060] 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 t.h.o.l. e.\.m.a. > [070] 6D 00 65 00 70 00 69 00 6D 00 61 00 67 00 65 00 m.e.p.i. m.a.g.e. > [080] 73 00 5C 00 00 00 5C 00 77 00 61 00 72 00 74 00 s.\...\. w.a.r.t. > [090] 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 6D 00 h.o.l.e. \.m.a.m. > [0A0] 65 00 70 00 69 00 6D 00 61 00 67 00 65 00 73 00 e.p.i.m. a.g.e.s. > [0B0] 5C 00 00 00 \... >[2006/11/08 12:11:57, 9] smbd/trans2.c:send_trans2_replies(689) > t2_rep: params_sent_thistime = 0, data_sent_thistime = 180, useable_space = 131012 >[2006/11/08 12:11:57, 9] smbd/trans2.c:send_trans2_replies(691) > t2_rep: params_to_send = 0, data_to_send = 180, paramsize = 0, datasize = 180 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=236 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=55361 > smb_tid=1 > smb_pid=2844 > smb_uid=101 > smb_mid=20800 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 180 (0xB4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 180 (0xB4) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=181 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 00 2C 00 01 00 03 00 00 00 03 00 22 00 01 00 00 .,...... ...".... > [010] 00 58 02 00 00 22 00 50 00 7E 00 00 00 00 00 00 .X...".P .~...... > [020] 00 00 00 00 00 00 00 00 00 00 00 5C 00 77 00 61 ........ ...\.w.a > [030] 00 72 00 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D .r.t.h.o .l.e.\.m > [040] 00 61 00 6D 00 65 00 70 00 69 00 6D 00 61 00 67 .a.m.e.p .i.m.a.g > [050] 00 65 00 73 00 5C 00 00 00 5C 00 77 00 61 00 72 .e.s.\.. .\.w.a.r > [060] 00 74 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 .t.h.o.l .e.\.m.a > [070] 00 6D 00 65 00 70 00 69 00 6D 00 61 00 67 00 65 .m.e.p.i .m.a.g.e > [080] 00 73 00 5C 00 00 00 5C 00 77 00 61 00 72 00 74 .s.\...\ .w.a.r.t > [090] 00 68 00 6F 00 6C 00 65 00 5C 00 6D 00 61 00 6D .h.o.l.e .\.m.a.m > [0A0] 00 65 00 70 00 69 00 6D 00 61 00 67 00 65 00 73 .e.p.i.m .a.g.e.s > [0B0] 00 5C 00 00 00 .\... >[2006/11/08 12:11:57, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: 60 >[2006/11/08 12:11:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 96 >[2006/11/08 12:11:57, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x60 >[2006/11/08 12:11:57, 3] smbd/process.c:process_smb(1110) > Transaction 5 of length 100 >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(478) >[2006/11/08 12:11:57, 5] lib/util.c:show_msg(481) > size=96 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=20864 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=53 >[2006/11/08 12:11:57, 10] lib/util.c:dump_data(2215) > [000] 00 5C 00 5C 00 57 00 41 00 52 00 54 00 48 00 4F .\.\.W.A .R.T.H.O > [010] 00 4C 00 45 00 5C 00 4D 00 41 00 4D 00 45 00 50 .L.E.\.M .A.M.E.P > [020] 00 49 00 4D 00 41 00 47 00 45 00 53 00 00 00 3F .I.M.A.G .E.S...? > [030] 3F 3F 3F 3F 00 ????. >[2006/11/08 12:11:57, 3] smbd/process.c:switch_message(914) > switch message SMBtconX (pid 2695) conn 0x0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:57, 5] smbd/uid.c:change_to_root_user(274) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/11/08 12:11:57, 4] smbd/reply.c:reply_tcon_and_X(668) > Client requested device type [?????] for share [MAMEPIMAGES] >[2006/11/08 12:11:57, 5] smbd/service.c:make_connection(1116) > making a connection to 'normal' service mamepimages >[2006/11/08 12:11:57, 10] smbd/share_access.c:user_ok_token(224) > user_ok_token: share mamepimages is ok for unix user wwwutz >[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user wwwutz >[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is wwwutz >[2006/11/08 12:11:57, 10] lib/util_pw.c:getpwnam_alloc(76) > Got wwwutz from pwnam_cache >[2006/11/08 12:11:57, 5] lib/username.c:Get_Pwnam_internals(107) > Get_Pwnam_internals did find user [wwwutz]! >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name) >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:57, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) > getsampwnam (smbpasswd): search by name: imgdata >[2006/11/08 12:11:57, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd >[2006/11/08 12:11:57, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) > getsmbfilepwent: end of file reached. >[2006/11/08 12:11:57, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name) >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_uid(1209) > sid_to_uid: S-1-22-1-1087 -> 1087 >[2006/11/08 12:11:57, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [imgdata] >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 372 -> S-1-22-2-372 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 392 -> S-1-22-2-392 >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-1-1087] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-372] >[2006/11/08 12:11:57, 5] lib/privileges.c:get_privileges_for_sids(458) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2006/11/08 12:11:57, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-392] >[2006/11/08 12:11:57, 3] smbd/service.c:make_connection_snum(672) > Forced user imgdata >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\abt_her => WARTHOLE (domain), abt_her (name) >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix Group\abt_her => Unix Group (domain), abt_her (name) >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_gid(1294) > sid_to_gid: S-1-22-2-9000 -> 9000 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: WARTHOLE\imgdata => WARTHOLE (domain), imgdata (name) >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:57, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) > getsampwnam (smbpasswd): search by name: imgdata >[2006/11/08 12:11:57, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /var/samba/private/smbpasswd >[2006/11/08 12:11:57, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) > getsmbfilepwent: end of file reached. >[2006/11/08 12:11:57, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:lookup_name(63) > lookup_name: Unix User\imgdata => Unix User (domain), imgdata (name) >[2006/11/08 12:11:57, 10] lib/util_pw.c:getpwnam_alloc(76) > Got imgdata from pwnam_cache >[2006/11/08 12:11:57, 10] passdb/lookup_sid.c:sid_to_uid(1209) > sid_to_uid: S-1-22-1-1087 -> 1087 >[2006/11/08 12:11:57, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [imgdata] >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:push_sec_ctx(207) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 3] smbd/uid.c:push_conn_ctx(344) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/11/08 12:11:57, 3] smbd/sec_ctx.c:set_sec_ctx(240) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2006/11/08 12:11:57, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/11/08 12:11:58, 3] smbd/sec_ctx.c:pop_sec_ctx(338) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/11/08 12:11:58, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 372 -> S-1-22-2-372 >[2006/11/08 12:11:58, 10] passdb/lookup_sid.c:gid_to_sid(1136) > gid_to_sid: local 392 -> S-1-22-2-392 >[2006/11/08 12:11:58, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-1-1087] >[2006/11/08 12:11:58, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-372] >[2006/11/08 12:11:58, 5] lib/privileges.c:get_privileges_for_sids(458) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/11/08 12:11:58, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2006/11/08 12:11:58, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2006/11/08 12:11:58, 3] lib/privileges.c:get_privileges(260) > get_privileges: No privileges assigned to SID [S-1-22-2-392] >[2006/11/08 12:11:58, 10] smbd/service.c:make_connection_snum(736) > Could not convert SID S-1-22-1-1087 to gid, ignoring it >[2006/11/08 12:11:58, 0] lib/fault.c:fault_report(41) > =============================================================== >[2006/11/08 12:11:58, 0] lib/fault.c:fault_report(42) > INTERNAL ERROR: Signal 11 in pid 2695 (3.0.23c) > Please read the Trouble-Shooting section of the Samba3-HOWTO >[2006/11/08 12:11:58, 0] lib/fault.c:fault_report(44) > > From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf >[2006/11/08 12:11:58, 0] lib/fault.c:fault_report(45) > =============================================================== >[2006/11/08 12:11:58, 0] lib/util.c:smb_panic(1591) > PANIC (pid 2695): internal error >[2006/11/08 12:11:58, 0] lib/util.c:log_stack_trace(1749) > unable to produce a stack trace on this platform >[2006/11/08 12:11:58, 0] lib/fault.c:dump_core(173) > dumping core in /var/samba/cores/smbd
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2202">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 4214
: 2202 |
2203
|
2204
|
2219